HCL AppScan Competitors and Alternatives 2019

Get our free report covering Veracode, Micro Focus, Checkmarx, and other competitors of HCL AppScan. Updated: June 2019.
353,599 professionals have used our research since 2012.

Read reviews of HCL AppScan competitors and alternatives

Don Robbins
Real User
Software Configuration Manager at a tech vendor with 501-1,000 employees
Jun 19 2019

What is most valuable?

I'm more of the admin as opposed to a user of Checkmarx. Overall, the ability to find vulnerabilities in the code is better than the tool that we were using before.

How has it helped my organization?

I haven't been monitoring how well our projects have been at reducing vulnerabilities. Checkmarx is one that you have to actively follow, and my position doesn't require… more»

What needs improvement?

One of the biggest heartaches that we have is that all of our Windows servers are on an automated upgrade. Whenever Windows upgrades, we lose the order of the ciphers and… more»

What's my experience with pricing, setup cost, and licensing?

I've got 100 licenses for Checkmarx. As people come and go, it's a hassle to add and remove them. In this day and age, it's such a meaningless time-waster.

If you previously used a different solution, which one did you use and why did you switch?

The tool that we were using before was AppScan.

What other advice do I have?

From an administrative standpoint, I would rate Checkmarx with a five out of ten. From what my users are telling me, I'd give it an eight for the tool's ability to report… more»

Which other solutions did I evaluate?

We were previously working with Azure. We switched because of their implementation of SQL Server. Checkmarx uses statements to move from database to database. Azure does… more»
Suzan Nascimento
Real User
SVP Application Security at a financial services firm with 10,001+ employees
May 17 2018

What is most valuable?

The most valuable feature is the remediation consulting that they give. I feel like any vendor can identify the flaws but fixing the flaws is what is most important. Being able to have those… more»

How has it helped my organization?

It has allowed us to scale and find vulnerabilities much faster than previous manual tools. It has allowed us to educate developers on it to use the consultation calls.

What needs improvement?

I would like to see more technical support for some of the connectors, some more detailed diagrams or run-books on how to install some of the stuff; more hand-holding in the sense of understanding our… more»

If you previously used a different solution, which one did you use and why did you switch?

At a previous company, we were using HPE Fortify. We couldn't scale because it was an on-prem solution. Therefore, after five years, we decided to break out of the mold and use a SaaS solution. We… more»

What other advice do I have?

I would give Veracode a nine out of 10 because it scales incredibly well, they have very qualified people working there who are able to clearly articulate what the problems are when they are talking… more»

Which other solutions did I evaluate?

HPE Fortify, Checkmarx, IBM AppScan. It really was between HPE Fortify, most of the time, and Veracode. I typically like Veracode because it is a SaaS solution. You have other providers now that do… more»
Rishi Kant
Real User
Senior Security Engineer at a insurance company with 10,001+ employees
May 18 2019

What is most valuable?

There are several features that I like about this solution. The most valuable feature is that it has support for add-ons where we can add extra little scripts to the tool… more»

How has it helped my organization?

I don't have specific metrics but I can say that using this tool adds value.

What needs improvement?

There is a lot to this product, and it would be good if when you purchase the tool, they can provide us with a more extensive user manual. This would help us to better… more»

What's my experience with pricing, setup cost, and licensing?

The cost is approximately $500 for a single license, and there are no additional costs beyond the standard licensing fees.

If you previously used a different solution, which one did you use and why did you switch?

We have always used Burp Suite because it is a well-known tool.

What other advice do I have?

They are steadily improving things and adding features to this product. It was only three months ago when they added the dashboard support. Before that, they only had… more»

Which other solutions did I evaluate?

We considered using OWASP Zed Attack Proxy, which is open source. We decided to use this alongside the current solution, and also with IBM Security AppScan. This tool is… more»
Kiran Gujju
Real User
Cyber Security Architect (USDA) at a government with 10,001+ employees
Jun 20 2019

What is most valuable?

The most valuable features are the dashboard reports and the ease of integrating it with Jenkins.

How has it helped my organization?

It definitely helped our organization in hardening the software, the application itself. This is a part of our process now.

What needs improvement?

Although it has Sonar built into it, it is still lacking. Customization features of identifying a particular attack still need to be worked on. To give you an example: if we want to scan and do a false positive analysis, those types of… more»

If you previously used a different solution, which one did you use and why did you switch?

No, not that I am aware of.

What other advice do I have?

SonarQube is a very good tool. It is lightweight and very cost effective as compared to IBM AppScan. The dashboard is really neat and easy to operate. It gives a lot of information that makes it very easy for the developers. You can get it… more»
Get our free report covering Veracode, Micro Focus, Checkmarx, and other competitors of HCL AppScan. Updated: June 2019.
353,599 professionals have used our research since 2012.
Sign Up with Email