Most Helpful Review
A mature and evolving solution that has become the pinnacle point for anything that enters the network
We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
The static scans are good, and the SaaS as well.
It provides a better integration for our ecosystem.
You can easily find particular features and functions through the UI.
We leverage it as a quality check against code.
We are now deploying less defects to production.
Usually when we deploy the application, there is a process for ethical hacking. The main benefit is that, the ethical hacking is almost clean, every time. So it's less cost, less effort, less time to production.
It has certainly helped us find vulnerabilities in our software, so this is priceless in the end.
I like the recording feature.
It's become the pinnacle point for anything that enters the network or anything that's passing through to production to first be affected by IP360, hardened, and up to standard. For our integrity management, one was deployed in the bank about two years ago and that's still going to expand the usage and the product itself. That will go hand in hand with training and expanding the product as for where it's deployed.
There is not a central management for static and dynamic.
Visibility is an issue for us. Our partners do not know we have integrations with some of IBM products.
I would like to see the roadmap for this product. We are still waiting to see it as we have only so many resources.
I would love to see more containers. Many of the tools are great, they require an amount of configuration, setup and infrastructure. If most the applications were in a container, I think everything would be a little bit faster, because all our clients are now using containers.
IBM Security AppScan Source is rather hard to use.
There are so many lines of code with so many different categories that I am likely to get lost.
It's a little bit basic when you talk about the Web Services. If AppScan improved its maturity on Web Services testing, that would be good.
I think being able to search across more containers, especially some of the docker elements. We need a little tighter integration there. That's the only thing I can see at this point.
The reporting functions can use improvement. There is room for growth because reporting functions differ a lot depending on what you're going to output. It depends on whether it's for technical or senior management and how it's interpreted. There could be growth within the reporting functionality side.
Pricing and Cost Advice
AppScan is a little bit expensive. IBM needs to work a little bit on the pricing model, decreasing the license cost.
Information Not Available
out of 32 in Application Security
out of 37 in Vulnerability Management
Compared 19% of the time.
Compared 17% of the time.
Compared 16% of the time.
Compared 48% of the time.
Compared 31% of the time.
Compared 20% of the time.
Also Known As
|Rational AppScan, AppScan||IP360|
IBM Security AppScan enhances web application security and mobile application security, improves application security program management and strengthens regulatory compliance. By scanning your web and mobile applications prior to deployment, AppScan enables you to identify security vulnerabilities and generate reports and fix recommendations.
Tripwire IP360 delivers risk-based vulnerability assessment and asset discovery capabilities. With IP360, you get:
Learn more about IBM Security AppScan
Learn more about Tripwire IP360
|Essex Technology Group Inc., Cisco, West Virginia University, APIS IT||State of Iowa, State of Minnesota, U.S. Cellular|
Comms Service Provider15%
Financial Services Firm15%
No Data Available