We performed a comparison between HCL AppScan and OWASP Zap based on real PeerSpot user reviews.
Find out in this report how the two Application Security Testing (AST) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."It was easy to set up."
"The product is useful, particularly in its sensitivity and scanning capabilities."
"It's generally a very user-friendly tool. Anyone can easily learn how to scan"
"It identifies all the URLs and domains on its own and then performs tests and provides the results."
"The reporting part is the most valuable feature."
"You can easily find particular features and functions through the UI."
"For me, as a manager, it was the ease of use. Inserting security into the development process is not normally an easy project to do. The ability for the developer to actually use it and get results and focuses, that's what counted."
"It has certainly helped us find vulnerabilities in our software, so this is priceless in the end."
"The application scanning feature is the most valuable feature."
"The solution is good at reporting the vulnerabilities of the application."
"The stability of the solution is very good."
"The solution has tightened our security."
"The solution is scalable."
"The API is exceptional."
"You can run it against multiple targets."
"Automatic scanning is a valuable feature and very easy to use."
"Scans become slow on large websites."
"Visibility is an issue for us. Our partners do not know we have integrations with some of IBM products."
"I would like to see the roadmap for this product. We are still waiting to see it as we have only so many resources."
"We would like to integrate with some of the other reporting tools that we're planning to use in the future."
"There is room for improvement in the pricing model."
"They could add a software component analysis tool."
"AppScan is too complicated and should be made more user-friendly."
"One thing which I think can be improved is the CI/CD Integration"
"The product reporting could be improved."
"There isn't too much information about it online."
"There are too many false positives."
"I would like to see a version of “repeater” within OWASP ZAP, a tool capable of sending from one to 1000 of the same requests, but with preselected modified fields, changing from a predetermined word list, or manually created."
"The technical support team must be proactive."
"Zap could improve by providing better reports for security and recommendations for the vulnerabilities."
"Deployment is somewhat complicated."
"It would be beneficial to enhance the algorithm to provide better summaries of automatic scanning results."
HCL AppScan is ranked 12th in Application Security Testing (AST) with 39 reviews while OWASP Zap is ranked 8th in Application Security Testing (AST) with 37 reviews. HCL AppScan is rated 7.6, while OWASP Zap is rated 7.6. The top reviewer of HCL AppScan writes " A stable and scalable product useful for application security scanning". On the other hand, the top reviewer of OWASP Zap writes "Great for automating and testing and has tightened our security ". HCL AppScan is most compared with SonarQube, Veracode, Acunetix, Checkmarx One and Fortify WebInspect, whereas OWASP Zap is most compared with SonarQube, Acunetix, PortSwigger Burp Suite Professional, Qualys Web Application Scanning and SonarCloud. See our HCL AppScan vs. OWASP Zap report.
See our list of best Application Security Testing (AST) vendors.
We monitor all Application Security Testing (AST) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.