HCL AppScan Archived Reviews (More than two years old)

Filter by:Reset all filters
Industry
Loading...
Filter Unavailable
Company Size
Loading...
Filter Unavailable
Job Level
Loading...
Filter Unavailable
Rating
Loading...
Filter Unavailable
Considered
Loading...
Filter Unavailable
Order by:
Loading...
  • Date
  • Highest Rating
  • Lowest Rating
  • Review Length
Search:
Real User
Manager at a tech vendor with 501-1,000 employees
Jun 13 2018

What do you think of HCL AppScan?

What is our primary use case?

Our clients use it to try to find errors in base code, and also to find how solutions work together. I believe they have on-premise usage; they are local government, so they are not very used to using the cloud.

How has it helped my organization?

I'm mainly working on the licensing side and not the technical side, so I don't get this kind of feedback.

What is most valuable?

Scalability, and it's a very powerful tool.

What needs improvement?

I believe there are improvements that can be made, but I'm not aware of those kinds of things.

For how long have I used the solution?

One to three years.

What do I think about the stability of the solution?

It's stable.

What do I think about the scalability of the solution?

For the market in…
Reseller
Business Development Manager at a tech services company with 10,001+ employees
Apr 02 2018

What do you think of HCL AppScan?

What is our primary use case?

It is an application for security assessment or scanning for static environments. With all customers, it is performing well.

What is most valuable?

The static scans are good, and the SaaS as well. 

What needs improvement?

There is not a central management for static and dynamic. This would be great, at least with competition such as Micro Focus.

For how long have I used the solution?

Less than one year.

How is customer service and technical support?

The technical support is knowledgeable. However, our issue is not enough resources supporting our region. For Dubai, which is in the Gulf region, we need more technical support resources.

How was the initial setup?

The initial setup is not that complex.

What other advice do I have?

Most…
Find out what your peers are saying about HCL, Micro Focus, Veracode and others in Application Security. Updated: June 2020.
425,093 professionals have used our research since 2012.
Consultant
Senior Cloud Architect at a tech company with 1,001-5,000 employees
Apr 02 2018

What is most valuable?

Its integration from a UI perspective. You can easily find particular features and functions through the UI. For its first initial release, the integration was pretty good.

How has it helped my organization?

It provides a better integration for our ecosystem. From a Fortinet perspective, this can lead to integration of selling our own products.

What needs improvement?

More seamless integration with Fortinet's technologies as this would make our customers happy. At the moment, it is a good integration, but it is the first time that we have done it. Therefore, there needs to be more integration within our fabric, so it is less obvious. Visibility is an issue for… more»

What other advice do I have?

Have a look at the competitors as well. There is more than one vendor in the market. I would definitely do your due diligence.
Vendor
CEO at a government
Mar 27 2018

What is most valuable?

I think it's easy to use and gives back some pretty good results, certainly for vulnerabilities.

How has it helped my organization?

It has certainly improved our organization In terms of quality of solutions that are developed.

What needs improvement?

I haven't actually used it personally, so I'm not sure that I would be able to answer this.

What other advice do I have?

We've had a relationship for some time, over 20 years now, with IBM. It's really about the products, in terms of what we are looking for. That's really the deciding factor in deciding whether we'd use them for a particular solution.
Real User
People Leader Of Cyber Strategy And Solutions at a insurance company with 10,001+ employees
Mar 27 2018

What is most valuable?

We leverage it as a quality check against code.

How has it helped my organization?

With AppScan, we are now deploying less defects to production.

Which solution did I use previously and why did I switch?

We were using something else (a competing product of IBM), but we switched to AppScan because it is reliable.

What other advice do I have?

Most important criteria when selecting a vendor: At the end of the day, it would have to be the support and relationship. There are a lot of smart people out there building products which do things. However, not everyone can use them, and without having someone to call, it is sort of its own… more»
Real User
CTO at Anzen
Mar 26 2018

What is most valuable?

It helps you to enforce security practices, beyond the reach of just operations and training. So give the training, but besides that you can detect some deviations in the development process. I think that's the most valuable of all the… more»

How has it helped my organization?

Usually when we deploy the application, there is a process for ethical hacking. The main benefit is that, the ethical hacking is almost clean, every time. So it's less cost, less effort, less time to production. AppScan has absolutely… more»

What needs improvement?

I would love to see more containers. Many of the tools are great, they require an amount of configuration, setup and infrastructure. If most the applications were in a container, I think everything would be a little bit faster, because all… more»

Which solution did I use previously and why did I switch?

Usually our clients want to build in-house, but when we present the benefits of a product already built and, out of the box, it can offer a lot of features and can solve the problem right now... Sometimes the cost is equivalent to… more»

Which other solutions did I evaluate?

Our clients evaluate Oracle, sometimes Microsoft. Our clients go with IBM, in Mexico, mainly because of the support. You can get more hands-on experienced people on IBM platforms than Oracle's, so if there is an issue - we always have… more»
TimHill
Real User
Director For Security Products at a manufacturing company with 10,001+ employees
Mar 25 2018

What is most valuable?

The most valuable feature is the web scan from our perspective. Being able to quickly find the vulnerabilities if any developer has inadvertently put them in. The source scan is of value, but it is so hard to use that it is of less value.

How has it helped my organization?

It has certainly helped us find vulnerabilities in our software, so this is priceless in the end. IBM Application Security has contributed to the maturity of our AppScan risk management program. While it depends on the product, on average ten percent of our code is open source. Many products are… more»

What needs improvement?

IBM Security AppScan Source is rather hard to use. Some improvements need to be made to the usability for AppScan Source, specifically. Our biggest problem, we have a lot of code and everything just ends up looking like spaghetti after we run an AppScan Source. It is hard to evolve from one rev to… more»

What other advice do I have?

AppScan Web is a good, and it does a good job. For AppScan Source, you might find a better solution out there. We are not actively looking for a better solution right now, and are just using it. However, if somebody else was starting from scratch, that is what I would tell them. Most important… more»
Real User
Senior Security Specialist at a transportation company with 10,001+ employees
Mar 25 2018

What is most valuable?

There's a recording feature that I really like. You pass through the login pages. If you record the login part, it becomes very fast with the solution.

How has it helped my organization?

It has contributed to the maturity of our AppSec risk management program. I would rate that maturity level as eight out of 10. The testing part of your application's security is very valuable. You can't avoid that. Applications are the faces of companies to the world. How much your application is… more»

What needs improvement?

It's a little bit basic when you talk about the Web Services. If AppScan improved its maturity on Web Services testing, that would be good.

What other advice do I have?

When selecting a vendor we look for * a global brand * support * user friendliness * cost, and the license models. I would recommend AppScan.
Vendor
Director Of Product Cyber Security at a aerospace/defense firm with 10,001+ employees
Mar 22 2018

What is most valuable?

For me, as a manager, it was the ease of use. Inserting security into the development process is not normally an easy project to do. The ability for the developer to actually use it and get results… more»

How has it helped my organization?

It helps the organization the way we process the entire thing. It has actually helped a little bit with the speed of delivery too, which was surprising because most people thought it would be the… more»

What needs improvement?

I think being able to search across more containers, especially some of the docker elements. We need a little tighter integration there. That's the only thing I can see at this point.

Which solution did I use previously and why did I switch?

Here I have an unfair advantage. I came out of a large security company, and because of my experience and the fact that we had a need, I looked around for the best solutions that were available. There… more»

What other advice do I have?

In terms of rating it, because I haven't had it installed long enough, and we haven't finished all the integration because of the Professional Services yet, I'd say it's rating really well, toward… more»

Which other solutions did I evaluate?

Veracode, Synopsis, and a few others. What made us go with IBM was the integration and automation efforts; what it would do there, and the fact that it did so well at what AppScan does, which was in… more»
Consultant
Managing director at Accenture
Mar 20 2018

What is most valuable?

It highlights, with several grades of severity, the types of vulnerabilities, so we can focus on the most severe security vulnerabilities in the code.

How has it helped my organization?

It decreases the operational risk, security risk, a lot. In fact, when we first used it, the number of vulnerability alerts generated by the tool was huge. As time goes on, we can decrease those vulnerabilities because we learn from it. So… more»

What needs improvement?

One thing that we would like in this tool is that it keeps ahead of the security guys, because one big advantage of this tool is that it always offers updates. Security is a process, you mitigate a risk, but the malware guys, they're trying… more»

What other advice do I have?

The most important criteria when selecting a vendor, first of all, is their capability to continuously invest in the development and enhancement of the software. We are in a very changing process, software is a very changing environment, in… more»

Which other solutions did I evaluate?

One competitor that I remember, one of the last candidates in the evaluation process was Checkmarx. Those tools, especially from startups that come from Israel, they try to grab this market space that IBM dominates. That's why they have to… more»
Prasoon Nigam
Consultant
Security Consultant at a consultancy with 10,001+ employees
Jan 17 2018

What do you think of HCL AppScan?

How has it helped my organization?

IBM AppScan has made our work easy, as we can do four to five scans of websites at a time, which saves time when it comes to vulnerability.

What is most valuable?

Many features are valuable but some features stand out, like using our own scripts, and capturing the authentication.

What needs improvement?

It has crashed at times Scans become slow on large websites Many silly false positives are produced

For how long have I used the solution?

One to three years.

What do I think about the stability of the solution?

Yes, sometimes we encounter stability issues.

What do I think about the scalability of the solution?

Yes, sometimes we encounter scalability issues.

How are customer service and technical support?

I would rate tech…
Vendor
Application Security Consultant at a financial services firm with 10,001+ employees
Jul 06 2017

What is most valuable?

It is easy it is to use. It is quick to find things, because of the code scanning tools. It's quite simple to use and it is very good the way it reports the findings.

How has it helped my organization?

The benefits are that we that we can find security vulnerabilities fast, get that back to development teams, and report on those. They can then act, fix the issues, and we'll have a secure code in place.

What needs improvement?

We would like to be able to integrate to some of the other tools that we are using. That would be great. We would like to integrate with some of the other reporting tools that we're planning to use in the future.

What other advice do I have?

What I look for most in a vendor is the product, the offer, the service, the vendor service, and after sale support. I would definitely recommend this product.
Vendor
Chief information with 5,001-10,000 employees
Apr 20 2017

What is most valuable?

We are currently using it in the integration of our agile process so we can find any breaches in the apps while they're in the development process. We can then fix breaches before they go into a production environment. It comes with all of the templates that we need. For example, we are a company… more»

How has it helped my organization?

Before we had this solution, our security team was doing manual reviews with the scripts. This would take us a lot of work hours and a lot of people were involved in the process. Now we just send it to AppScan and we can do other stuff like defining processes or dealing with management issues. We… more»

What needs improvement?

We are moving a lot into mobile. While the solution does have a lot of functionalities in mobile, we are trying to expand it more aggressively. We would like to see a check in the specific vulnerabilities in mobile applications or rooted devices, such as jailbreaking devices. We would like to see… more»

What other advice do I have?

At the beginning, you need to know the reach and what you are expecting. The solution is not going to be a silver bullet that will fix everything in your app. You have to have a mature SDLC process for developers to follow. If they don't have that, AppScan could provide great insight in order to… more»
Vendor
Security Consultant at a tech vendor with 501-1,000 employees
Aug 31 2016

What is most valuable?

The most valuable feature of this product is its capability to detect XSS and SQL injection.

How has it helped my organization?

Security issues reported by the tool help customers write secure code.

What needs improvement?

* Better detection of DOM-based XSS * Better remediation guidance using code examples and contexts

Which solution did I use previously and why did I switch?

I previously used HP WebInspect and Qualys. I prefer Appscan, as it much more user friendly, and it detects cross-site scripting and SQL injection issues much better than other tools in the market. Also, it has a lower false-positive count than others.

What is HCL AppScan?

IBM Security AppScan enhances web application security and mobile application security, improves application security program management and strengthens regulatory compliance. By scanning your web and mobile applications prior to deployment, AppScan enables you to identify security vulnerabilities and generate reports and fix recommendations.

Also known as
IBM Security AppScan, Rational AppScan, AppScan
HCL AppScan customers

Essex Technology Group Inc., Cisco, West Virginia University, APIS IT

BUYER'S GUIDE
Download our free Application Security Report and find out what your peers are saying about HCL, Micro Focus, Veracode, and more!