HCL AppScan Room for Improvement

I think being able to search across more containers, especially some of the docker elements. We need a little tighter integration there. That's the only thing I can see at this point. View full review »

One thing that we would like in this tool is that it keeps ahead of the security guys, because one big advantage of this tool is that it always offers updates. Security is a process, you mitigate a risk, but the malware guys, they're trying to find another security hole in your environment. And the technology is evolving. So new security vulnerabilities are in the software. The point is, I hope that IBM continue, in improving and launching new versions, new upgrades, that can mitigate those security risks. That's the most important value. It's not the tool itself, but the continuous enhancement of the tool. That's why we recommended this tool. View full review »

I would love to see more containers. Many of the tools are great, they require an amount of configuration, setup and infrastructure. If most the applications were in a container, I think everything would be a little bit faster, because all our clients are now using containers. View full review »

IBM Security AppScan Source is rather hard to use. Some improvements need to be made to the usability for AppScan Source, specifically. Our biggest problem, we have a lot of code and everything just ends up looking like spaghetti after we run an AppScan Source. It is hard to evolve from one rev to the next. Trying to reuse the things we have found in a previous release to the next release is too hard. View full review »

More seamless integration with Fortinet's technologies as this would make our customers happy. At the moment, it is a good integration, but it is the first time that we have done it. Therefore, there needs to be more integration within our fabric, so it is less obvious. Visibility is an issue for us. Our partners were not even aware that we had an integration with AppSense. They do not know we have integrations with some of IBM products. Part of this is our marketing budget is small compared to IBM's. I would like to see the roadmap for this product. We are still waiting to see it as we have only so many resources. We are not like IBM, which is huge. We need to prioritize which engineer will work on which technology. With QRadar, it has better integration because we have been working with it for awhile and there is a roadmap. There are always new things coming out. View full review »

It's a little bit basic when you talk about the Web Services. If AppScan improved its maturity on Web Services testing, that would be good. View full review »

I believe there are improvements that can be made, but I'm not aware of those kinds of things. View full review »

I haven't actually used it personally, so I'm not sure that I would be able to answer this. View full review »

While I did not identify any specific bugs in this application. I did find that sometimes a restart was needed to deal with unresponsiveness means when AppScan is in a hang situation, this happens usually when you select a large number of sources. IBM Security AppScan needs to add performance optimization for quickly scanning the target web applications. View full review »

* It has crashed at times * Scans become slow on large websites * Many silly false positives are produced View full review »

There is not a central management for static and dynamic. This would be great, at least with competition such as Micro Focus. View full review »

It would be nice to be able to specify the parameter values ​​used in the login sequence function. View full review »