• Home
  • HCL AppScan vs. Veracode

HCL AppScan vs Veracode comparison

Cancel
You must select at least 2 products to compare!
HCLTech Logo

HCL AppScan

Read 39 HCL AppScan reviews
5,557 views|4,286 comparisons
81% willing to recommend
Veracode Logo

Veracode

Read 193 Veracode reviews
26,359 views|17,613 comparisons
89% willing to recommend
Comparison Buyer's Guide
Download the complete report
Buyer's Guide
HCL AppScan vs. Veracode
March 2024
Executive Summary

We performed a comparison between HCL AppScan and Veracode based on real PeerSpot user reviews.

Find out in this report how the two Application Security Tools solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI.
To learn more, read our detailed HCL AppScan vs. Veracode Report (Updated: March 2024).
Download the complete report
768,246 professionals have used our research since 2012.
Featured Review
Anonymous User
Researched Veracode but chose HCL AppScan: Offers many support languages, scans in a decent amount of time and is easy to set up
Suzan Nascimento
Researched HCL AppScan but chose Veracode: Remediation consulting calls with the vendor help us find vulnerabilities much faster
It has allowed us to scale and find vulnerabilities much faster than previous manual tools. It has allowed us to educate developers on it to use... Read more →
Quotes From Members
We asked business professionals to review the solutions they use.
Here are some excerpts of what they said:
Pros
"AppScan is stable.""It comes with all of the templates that we need. For example, we are a company that is regulated by PCI. In order to be PCI compliant, we have a lot of checks and procedures to which we have to comply.""We use it as a security testing application.""I like the recording feature.""For me, as a manager, it was the ease of use. Inserting security into the development process is not normally an easy project to do. The ability for the developer to actually use it and get results and focuses, that's what counted.""The most valuable feature of the solution is the scanning or security part.""There's extensive functionality with custom rules and a custom knowledge base.""The HCL AppScan turnaround time for Burp Suite or any new feature request is pretty good, and that is why we are sticking with the HCL."

More HCL AppScan Pros →

"The most important feature is the static scanning analysis, and the reason is that it can tell us vulnerability in that code, right before we go ahead and push something to production or provide something to a client... Dynamic scanning actually hits our Web applications, to try to detect any well known Web application vulnerabilities as well.""The most valuable feature is the static scan that checks for security issues.""We have found the static analysis to be useful in Veracode Static Analysis. However, we are in the process of testing.""The user interface is quick, familiar, and user-friendly and makes navigation to other software very easy.""Provides consistent evaluation and results without huge fluctuations in false positives or negatives.""The time savings has been tremendous. We saw ROI in the first six months.""The ability on static scans to be able to do sandbox scans which do not generate metrics.""I like Veracode's static analysis. It was one of the core development tools when I worked with a telecommunication company where we were delivering new features for various applications and purposes each week, such as CRM, data channels, compliance, traffic data, etc."

More Veracode Pros →

Cons
"The solution needs to improve in some areas. The tool needs to add more languages. It also needs to improve its speed.""HCL AppScan needs to improve security.""The solution often has a high number of false positives. It's an aspect they really need to improve upon.""It has crashed at times.""A desktop version should be added.""I think being able to search across more containers, especially some of the docker elements. We need a little tighter integration there. That's the only thing I can see at this point.""The pricing has room for improvement.""There is room for improvement in the pricing model."

More HCL AppScan Cons →

"Veracode can improve the price model and how they bill the final offer to customers. It's based on the amount of traffic. For example, you can buy 1 gigabyte distributed across various applications, and each one can consume part of the whole allotment of traffic data.""Mitigation review isn't always super easy.""Maybe the pipeline scanning doesn't support enough languages. It might only support Java and Python only, so that could be improved.""I haven't heard about any problems so far. However, it would be great if Veracode automatically packaged stuff up for you.""It can take time to find options if you don’t use the interface a lot. At some point, a bit of interface restyling may help.""Reporting. Some of the reporting features of Veracode do need improvement. They do not have the most robust access to data. That would be a bit more beneficial to a lot of our clients as well as our actual in-house staff. I've been talking to our program management at Veracode about that, and that is actually on their radar to have that improved, I think actually this year.""The solution does not support Dynamic Application Security Testing.""The negative that I found is that it has a subscription-based model."

More Veracode Cons →

Pricing and Cost Advice
  • "AppScan is a little bit expensive. IBM needs to work a little bit on the pricing model, decreasing the license cost."
  • "With the features, that they offer, and the support, they offer, AppScan pricing is on a higher level."
  • "Pricing was the main reason that we went ahead with this solution as they were the lowest in the market."
  • "HCL AppScan is expensive."
  • "I would rate the product's pricing a nine out of ten. The product's pricing is expensive compared to the features that they offer."
  • "The price is very expensive."
  • "The solution is moderately priced."
  • "The price of HCL AppScan is okay, in my opinion. You just buy HCL AppScan and don't pay anything anymore, meaning it is just a one-time purchase."

    • More HCL AppScan Pricing and Cost Advice →

  • "Its complexity makes it quite expensive, but it’s all worth it, with all the engineering in the background."
  • "The pricing is pretty high."
  • "The worst part about the product is that it does not scale at all. Also, microservices apps will cost you a fortune."
  • "I think licensing needs to be changed or updated so that it works with adjustments. Pricing is expensive compared to the amount of scanning we perform."
  • "It's worth the value"
  • "Pricing seems fair for what is offered, and licensing has been no problem. All developers are able to get the access they need."
  • "It can be expensive to do this, so I would just make sure that you're getting the proper number of licenses. Do your analysis. Make sure you know exactly what it is you need, going in."
  • "The licensing and prices were upfront and clear. They stand behind everything that is said during the commercial phase and during the onboarding phase. Even the most irrelevant "that can be done" was delivered, no matter how important the request was."

    • More Veracode Pricing and Cost Advice →

    report
    See Which Vendors Are Best For You
    Use our free recommendation engine to learn which Application Security Tools solutions are best for your needs.
    See Recommendations
    768,246 professionals have used our research since 2012.
    Questions from the Community
    What do you like most about HCL AppScan?
    Top Answer:The product has valuable features for static and dynamic testing.
    Read all 17 answers   →
    What needs improvement with HCL AppScan?
    Top Answer:HCL AppScan generates false results. Sometimes, it incorrectly identifies requests as vulnerable when they are not vulnerable. In the ADSL feature managed, the primary objective is to identify… more »
    Read all 20 answers   →
    What is your primary use case for HCL AppScan?
    Top Answer:HCL AppScan efficiently scans through the website and identifies vulnerabilities for AWS. It is reducing tools day by day, making it more efficient.
    Read all 18 answers   →
    Which gives you more for your money - SonarQube or Veracode?
    Top Answer:SonarQube is easy to deploy and configure, and also integrates well with other tools to do quality code analysis. SonarQube has a great community edition, which is open-source and free. Easy to use… more »
    Read all 6 answers   →
    What do you like most about Veracode?
    Top Answer:The SAST and DAST modules are great.
    Read all 96 answers   →
    What is your experience regarding pricing and costs for Veracode?
    Top Answer:The product’s price is a bit higher compared to other solutions. However, the tool provides good vulnerability and database features. It is worth the money.
    Read all 66 answers   →
    Ranking
    14th
    out of 74 in Application Security Tools
    Views
    5,557
    Comparisons
    4,286
    Reviews
    17
    Average Words per Review
    339
    Rating
    7.2
    2nd
    out of 74 in Application Security Tools
    Views
    26,359
    Comparisons
    17,613
    Reviews
    99
    Average Words per Review
    970
    Rating
    8.1
    Comparisons
    SonarQube logo
    SonarQube vs. HCL AppScan
    Compared 15% of the time.
    Acunetix logo
    Acunetix vs. HCL AppScan
    Compared 10% of the time.
    Checkmarx One logo
    Checkmarx One vs. HCL AppScan
    Compared 8% of the time.
    OWASP Zap logo
    OWASP Zap vs. HCL AppScan
    Compared 8% of the time.
    More HCL AppScan Competitors   →
    SonarQube logo
    SonarQube vs. Veracode
    Compared 27% of the time.
    Checkmarx One logo
    Checkmarx One vs. Veracode
    Compared 14% of the time.
    Snyk logo
    Snyk vs. Veracode
    Compared 6% of the time.
    Fortify on Demand logo
    Fortify on Demand vs. Veracode
    Compared 6% of the time.
    Mend.io logo
    Mend.io vs. Veracode
    Compared 3% of the time.
    More Veracode Competitors   →
    Also Known As
    IBM Security AppScan, Rational AppScan, AppScan
    Crashtest Security , Veracode Detect
    Learn More
    HCLTech
    Veracode
    Overview

    IBM Security AppScan enhances web application security and mobile application security, improves application security program management and strengthens regulatory compliance. By scanning your web and mobile applications prior to deployment, AppScan enables you to identify security vulnerabilities and generate reports and fix recommendations.

    Veracode is a leading application security platform that helps organizations to develop and deliver secure software. Veracode's solution provides comprehensive capabilities for static analysis, dynamic analysis, software composition analysis, and manual penetration testing.

    Veracode's static analysis solution scans source code for various security vulnerabilities, including common web application attack vectors, injection flaws, cross-site scripting, and insecure direct object references. Veracode's dynamic analysis solution simulates real-world attacks to identify vulnerabilities that may not be detectable by static analysis alone. Veracode's software composition analysis solution scans open-source and third-party components for known vulnerabilities. Veracode's manual penetration testing service is performed by experienced security professionals who use a variety of techniques to identify vulnerabilities in software applications.

    Many organizations, including Fortune 500 companies, government agencies, and startups, use Veracode's solution. Veracode's customers rely on Veracode to help them to improve the security of their software applications and to reduce the risk of data breaches and other security incidents.

    Here are some of the benefits of using Veracode:

    • Veracode provides capabilities for static analysis, dynamic analysis, software composition analysis, and manual penetration testing to help organizations identify and fix security vulnerabilities in their software applications early in the development process.
    • Veracode helps organizations reduce the risk of data breaches and other security incidents by identifying and fixing security vulnerabilities in their software application. 
    • Veracode helps organizations to comply with industry regulations. Many industries have regulations that require organizations to implement security measures to protect their customers' data. Veracode's solution can help organizations to comply with these regulations by providing them with the tools and resources they need to identify and fix security vulnerabilities in their software applications.
    Sample Customers
    Essex Technology Group Inc., Cisco, West Virginia University, APIS IT
    Manhattan Associates, Azalea Health, Sabre, QAD, Floor & Decor, Prophecy International, SchoolCNXT, Keap, Rekner, Cox Automotive, Automation Anywhere, State of Missouri and others.
    Top Industries
    REVIEWERS
    Government15%
    Transportation Company15%
    Comms Service Provider10%
    Financial Services Firm10%
    VISITORS READING REVIEWS
    Computer Software Company19%
    Financial Services Firm14%
    Government10%
    Manufacturing Company9%
    REVIEWERS
    Computer Software Company26%
    Financial Services Firm23%
    Insurance Company9%
    Comms Service Provider6%
    VISITORS READING REVIEWS
    Financial Services Firm18%
    Computer Software Company15%
    Manufacturing Company8%
    Government6%
    Company Size
    REVIEWERS
    Small Business24%
    Midsize Enterprise11%
    Large Enterprise64%
    VISITORS READING REVIEWS
    Small Business17%
    Midsize Enterprise13%
    Large Enterprise71%
    REVIEWERS
    Small Business31%
    Midsize Enterprise20%
    Large Enterprise49%
    VISITORS READING REVIEWS
    Small Business17%
    Midsize Enterprise13%
    Large Enterprise70%
    Buyer's Guide
    HCL AppScan vs. Veracode
    March 2024
    Free Report: HCL AppScan vs. Veracode
    Find out what your peers are saying about HCL AppScan vs. Veracode and other solutions. Updated: March 2024.
    DOWNLOAD NOW
    768,246 professionals have used our research since 2012.

    HCL AppScan is ranked 14th in Application Security Tools with 39 reviews while Veracode is ranked 2nd in Application Security Tools with 193 reviews. HCL AppScan is rated 7.6, while Veracode is rated 8.2. The top reviewer of HCL AppScan writes " A stable and scalable product useful for application security scanning". On the other hand, the top reviewer of Veracode writes "Helps to reduce false positives and prevent vulnerable code from entering production, but does not support incremental scanning ". HCL AppScan is most compared with SonarQube, Acunetix, Checkmarx One, PortSwigger Burp Suite Professional and OWASP Zap, whereas Veracode is most compared with SonarQube, Checkmarx One, Snyk, Fortify on Demand and Mend.io. See our HCL AppScan vs. Veracode report.

    See our list of best Application Security Tools vendors and best Application Security Testing (AST) vendors.

    We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.