We performed a comparison between Fortify WebInspect and HCL AppScan based on real PeerSpot user reviews.
Find out in this report how the two Dynamic Application Security Testing (DAST) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."The solution is able to detect a wide range of vulnerabilities. It's better at it than other products."
"The accuracy of its scans is great."
"I've found the centralized dashboard the most valuable. For the management, it helps a lot to have abilities at the central level."
"Good at scanning and finding vulnerabilities."
"There are lots of small settings and tools, like an HTTP editor, that are very useful."
"Reporting, centralized dashboard, and bird's eye view of all vulnerabilities are the most valuable features."
"Fortify WebInspect is a scalable solution, it is good for a lot of applications."
"It's a well-known platform for doing dynamic application scanning."
"It is easy it is to use. It is quick to find things, because of the code scanning tools. It's quite simple to use and it is very good the way it reports the findings."
"The HCL AppScan turnaround time for Burp Suite or any new feature request is pretty good, and that is why we are sticking with the HCL."
"It comes with all of the templates that we need. For example, we are a company that is regulated by PCI. In order to be PCI compliant, we have a lot of checks and procedures to which we have to comply."
"The product has valuable features for static and dynamic testing."
"It's generally a very user-friendly tool. Anyone can easily learn how to scan"
"Technical support is helpful."
"The most valuable feature of HCL AppScan is scanning QR codes."
"The product is useful, particularly in its sensitivity and scanning capabilities."
"It took us between eight and ten hours to scan an entire site, which is somewhat slow and something that I think can be improved."
"The scanner could be better."
"One thing I would like to see them introduce is a cloud-based platform."
"Our biggest complaint about this product is that it freezes up, and literally doesn't work for us."
"It requires improvement in terms of scanning. The application scan heavily utilizes the resources of an on-premise server. 32 GB RAM is very high for an enterprise web application."
"Creating reports is very slow and it is something that should be improved."
"The initial setup was complex."
"Not sufficiently compatible with some of our systems."
"AppScan is too complicated and should be made more user-friendly."
"Sometimes it doesn't work so well."
"It's a little bit basic when you talk about the Web Services. If AppScan improved its maturity on Web Services testing, that would be good."
"The dashboard, for AppScan or the Fortified fast tool, which we use needs to be improved."
"The solution needs to improve in some areas. The tool needs to add more languages. It also needs to improve its speed."
"They have to improve support."
"IBM Security AppScan needs to add performance optimization for quickly scanning the target web applications."
"We would like to see a check in the specific vulnerabilities in mobile applications or rooted devices, such as jailbreaking devices."
Fortify WebInspect is ranked 2nd in Dynamic Application Security Testing (DAST) with 6 reviews while HCL AppScan is ranked 1st in Dynamic Application Security Testing (DAST) with 19 reviews. Fortify WebInspect is rated 7.0, while HCL AppScan is rated 7.6. The top reviewer of Fortify WebInspect writes "Easy to set up with responsive support and lots of customization". On the other hand, the top reviewer of HCL AppScan writes "A useful tool to scan applications that can be easily installed". Fortify WebInspect is most compared with PortSwigger Burp Suite Professional, Fortify on Demand, OWASP Zap, Acunetix and Qualys Web Application Scanning, whereas HCL AppScan is most compared with SonarQube, Veracode, Acunetix, OWASP Zap and PortSwigger Burp Suite Professional. See our Fortify WebInspect vs. HCL AppScan report.
See our list of best Dynamic Application Security Testing (DAST) vendors.
We monitor all Dynamic Application Security Testing (DAST) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.