HCL AppScan Overview

HCL AppScan is the #13 ranked solution in our list of AST tools. It is most often compared to SonarQube.

What is HCL AppScan?

IBM Security AppScan enhances web application security and mobile application security, improves application security program management and strengthens regulatory compliance. By scanning your web and mobile applications prior to deployment, AppScan enables you to identify security vulnerabilities and generate reports and fix recommendations.

HCL AppScan is also known as IBM Security AppScan, Rational AppScan, AppScan.

Buyer's Guide

Download the Application Security Buyer's Guide including reviews and more. Updated: July 2021

HCL AppScan Customers

Essex Technology Group Inc., Cisco, West Virginia University, APIS IT

TD
General Manager at a consultancy with 51-200 employees
Real User
Top 5
Allows for dynamic scanning but lacks easy CI/CD integration

What is our primary use case?

We perform more dynamic scanning using AppScan. We set up a scan, perform it and get the results, and then give the results back to our customer. Within our organization, there are four members of the team who are using it. Currently, we are satisfied with AppScan but I am sure there are better alternatives available because this is a very old product. It's been on the market for more than ten years now. I am sure there are a lot of new age products that are more scalable and cloud-based. Although we are using it and will probably continue to do so moving forward, I think there are better…

Pros and Cons

  • "It identifies all the URLs and domains on its own and then performs tests and provides the results."
  • "One thing which I think can be improved is the CI/CD Integration"

What other advice do I have?

I would recommend AppScan to other businesses. In a small-scale setup, it works perfectly fine, but if you are a larger organization with a lot of applications and you need to do CI/CD, then it's probably not the solution for you. Conversely, in a small organization with less than 20 applications, this will work pretty nicely. On a scale from one to ten, I would give this solution a rating of seven. If they can integrate with CI/CD and make the log-in mechanism a little smoother, they should be able to scale it up. If they could integrate with the CI/CD pipeline and make the scans a little…
SH
Owner/Consultant at a tech services company with 1-10 employees
Consultant
Top 20
Offers many support languages, scans in a decent amount of time and is easy to set up

What is our primary use case?

We primarily use the solution for static analysis.

Pros and Cons

  • "There's extensive functionality with custom rules and a custom knowledge base."
  • "The solution often has a high number of false positives. It's an aspect they really need to improve upon."

What other advice do I have?

I worked with the solution at a previous company. Now I am a consultant and I no longer work with the product. I don't have a business relationship with HCL. I wanted to do a POC with the current state of what was IBM AppScan and now is HCL. I contacted my contacts at IBM and then they started off the conversation and it went smoothly because a number of people from IBM had gone over to HCL when that product was acquired. Various tools have their strengths; I would advise anyone who is interested in using a similar solution to do a proof of concept first with a few options. Try Checkmarx…
FM
Senior Manager, IT Test Automation Engineering at an outsourcing company with 10,001+ employees
Real User
Top 20
Offers a few specific development languages but needs more languages and lacks good technical support services

Pros and Cons

  • "The solution offers services in a few specific development languages."
  • "They have to improve support."

What other advice do I have?

I don't have information on the relationship HCL has with my company. My understanding is they are just a vendor for us. In general, I would rate them at a six out of ten. There are many areas in which they could improve, including by adding more languages and revamping their technical support. They are lacking in a lot of areas.