We performed a comparison between Fortify WebInspect and HCL AppScan based on real PeerSpot user reviews.
Find out in this report how the two Dynamic Application Security Testing (DAST) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."The solution is easy to use."
"It's a well-known platform for doing dynamic application scanning."
"The most valuable feature of this solution is the ability to make our customers more secure."
"Reporting, centralized dashboard, and bird's eye view of all vulnerabilities are the most valuable features."
"There are lots of small settings and tools, like an HTTP editor, that are very useful."
"Good at scanning and finding vulnerabilities."
"The solution's technical support was very helpful."
"The user interface is ok and it is very simple to use."
"It highlights, with several grades of severity, the types of vulnerabilities, so we can focus on the most severe security vulnerabilities in the code."
"The product has valuable features for static and dynamic testing."
"The most valuable feature of HCL AppScan is its integration with the SDLC, particularly during the coding phase."
"The most valuable feature of the solution is Postman."
"The solution is easy to use."
"It comes with all of the templates that we need. For example, we are a company that is regulated by PCI. In order to be PCI compliant, we have a lot of checks and procedures to which we have to comply."
"I like the recording feature."
"It is a stable solution...It is a scalable solution...The initial setup or installation of HCL AppScan is easy."
"Not sufficiently compatible with some of our systems."
"The solution needs better integration with Microsoft's Azure Cloud or an extension of Azure DevOps. In fact, it should better integrate with any cloud provider. Right now, it's quite difficult to integrate with that solution, from the cloud perspective."
"The scanner could be better."
"We have had a problem with authentification."
"Lately, we've seen more false negatives."
"A localized version, for example, in Korean would be a big improvement to this solution."
"The initial setup was complex."
"Fortify WebInspect could improve user-friendliness. Additionally, it is very bulky to use."
"There is not a central management for static and dynamic."
"They could add a software component analysis tool."
"A desktop version should be added."
"They should have a better UI for dashboards."
"I would love to see more containers. Many of the tools are great, they require an amount of configuration, setup and infrastructure. If most the applications were in a container, I think everything would be a little bit faster, because all our clients are now using containers."
"AppScan is too complicated and should be made more user-friendly."
"There are so many lines of code with so many different categories that I am likely to get lost. "
"It's a little bit basic when you talk about the Web Services. If AppScan improved its maturity on Web Services testing, that would be good."
Fortify WebInspect is ranked 2nd in Dynamic Application Security Testing (DAST) with 17 reviews while HCL AppScan is ranked 1st in Dynamic Application Security Testing (DAST) with 40 reviews. Fortify WebInspect is rated 7.0, while HCL AppScan is rated 7.6. The top reviewer of Fortify WebInspect writes "A powerful tool catering to multiple use cases that provides reasonably good technical support". On the other hand, the top reviewer of HCL AppScan writes " A stable and scalable product useful for application security scanning". Fortify WebInspect is most compared with PortSwigger Burp Suite Professional, Fortify on Demand, Acunetix, OWASP Zap and Qualys Web Application Scanning, whereas HCL AppScan is most compared with SonarQube, Veracode, Acunetix, PortSwigger Burp Suite Professional and Qualys Web Application Scanning. See our Fortify WebInspect vs. HCL AppScan report.
See our list of best Dynamic Application Security Testing (DAST) vendors.
We monitor all Dynamic Application Security Testing (DAST) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.