HCL AppScan Other Advice

AnanyaRoy - PeerSpot reviewer
Risk Analyst at Deloitte

Once we get the updates for HCL AppScan, another team in my company takes care of the installation of the new updates, which takes about half a day.

I would tell those who plan to use HCL AppScan that it is a helpful and beginner-friendly product.

I rate the overall product a ten out of ten.

View full review »
RR
Head of Data Link at Telecom Egypt

I would recommend the solution. Overall, I would rate the solution an eight out of ten. 

View full review »
Rishi Anupam - PeerSpot reviewer
Senior Manager at Airtel

I rate the overall solution eight out of ten.

View full review »
Buyer's Guide
HCL AppScan
March 2024
Learn what your peers think about HCL AppScan. Get advice and tips from experienced pros sharing their opinions. Updated: March 2024.
765,234 professionals have used our research since 2012.
PD
Director at KPMG

Overall performance of this solution is not terrible but it does not offer new age features. If you want to integrate with other solutions or complete testing in the cloud, this is not the right solution. I would advise others considering this solution to complete a proper proof of concept or to run a pilot before implementing it.

I would rate this solution a three out of ten. 

View full review »
Gladwin Christian - PeerSpot reviewer
QA manager at SmartStream Technologies ltd.

I rate the overall tool a seven and a half to eight out of ten.

View full review »
AnshulTomar - PeerSpot reviewer
Cyber Security Architect and Presales Consultant at Kyndryl

I rate HCL AppScan a nine out of ten, specifically for SAST and DAST functionality. However, I would rate a seven out of ten for the areas related to API and mobile application security testing.

View full review »
SG
Application Security Engineer at a transportation company with 1,001-5,000 employees

It's user-friendly and easy to install and analyze results. The solution also provides clear explanations and recommendations in the output, which is very helpful. I highly recommend it.

Overall, I would rate the solution a nine out of ten. 

View full review »
RN
Principal Architect, Application Build Security. at a transportation company with 10,001+ employees

Before you choose a tool, whether it is Burp Suite, AppScan, or any other tool, you must first construct your business requirements, or the business use case. And you must detail out all of the product's features, as well as map the features to the business use cases. If the product meets or exceeds the majority of the business use cases, then you only need to choose that product. Otherwise, you will end up customizing the product after you buy it, which will create issues in terms of engaging with the professional services of that specific vendor. Then there's the matter of time and money. 

Detail all of your business use cases, then map those use cases to the product feature list and choose the product.

We have a business relationship with AppScan, as customers, and some of our business partners have project outsourcing with IT companies, such as HCL, IBM, Dell, and Infosys.

I would rate HCL AppScan a nine out of ten.

View full review »
JH
Security Engineer at KEPCO KDN

I am using the latest version of the solution. We usually perform ethical hacking using Burp Suite. The solution will be more advanced if it can be developed using ChatGPT. I would recommend the solution to others because it is the most famous web scanner. Overall, I rate the solution a five out of ten.

View full review »
CV
CTO at SAQ

I would rate the overall solution a nine out of ten.

View full review »
Manh Duong - PeerSpot reviewer
General Manager at Groupe PROGEREAL- FINAREAL - PROMOREAL

I rate HCL AppScan an eight out of ten.

View full review »
FP
Senior Manager - IT Security & ISMS at Ericsson

I would rate the product a three out of ten. We use the solution only for quarterly scanning. There are better tools in the market at the same price. These tools can integrate more with applications. The tool's providers don't invest in making a good product. Hence, it is better to use a different tool. 

View full review »
Miar Ahmad - PeerSpot reviewer
Software Engineer at Inspire for Solutions Development

I give the solution a nine out of ten.

I am currently the first person in my company to begin working with HCL. We have not yet gone to any clients, but I plan to get certified in HCL with AppScan. When we have clients that require components from HCL, I will be the representative for them as I am knowledgeable in the subject.

I would highly recommend HCL for people in the workforce. It has a user-friendly interface and the cost is much lower than Tenable. The database is good, and installation is easy. Additionally, technical support is likely to be helpful. Finally, there are a lot of other tools that come with HCL, such as scanners and detectors, which will make the job much easier.

View full review »
TH
Director For Security Products at a manufacturing company with 10,001+ employees

AppScan Web is a good, and it does a good job. 

For AppScan Source, you might find a better solution out there. We are not actively looking for a better solution right now, and are just using it. However, if somebody else was starting from scratch, that is what I would tell them.

Most important criteria when selecting a vendor: quality of the software.

View full review »
JB
Solutions Architect at a tech vendor with 10,001+ employees

I'm not sure of the exact version I'm using. 

I'd rate the solution nine out of ten. It's pretty straightforward to use, and we like that it is a managed cloud. 

View full review »
Basit Shah - PeerSpot reviewer
Software Quality Assurance Engineer at IT22

Someone who wants to use the solution must know why they need the solution. It is quite expensive. We must not spend much on something we do not need. If we have a need and can afford the solution, HCL is a good solution. It is very easy to understand. It has a lot of features. The reporting system is good. Overall, I rate the product a seven out of ten.

View full review »
Yong Seok Kang - PeerSpot reviewer
Technical Consultant at MTRiver Consulting

I rate HCL AppScan an eight out of ten. 

View full review »
SH
Owner/ Consultant at a tech services company with 1-10 employees

I worked with the solution at a previous company. Now I am a consultant and I no longer work with the product. I don't have a business relationship with HCL.

I wanted to do a POC with the current state of what was IBM AppScan and now is HCL. I contacted my contacts at IBM and then they started off the conversation and it went smoothly because a number of people from IBM had gone over to HCL when that product was acquired.

Various tools have their strengths, I would advise anyone who is interested in using a similar solution do a proof of concept first with a few options. Try Checkmarx, Fortify, Veracode, and AppScan, and see which one makes the most sense for your company's purposes. Those would be the top four in my opinion right now.

Overall, I would rate the solution eight out of ten.

View full review »
AR
Scientific Officer at a tech services company with 51-200 employees

There are some very cost-effective solutions out there. They are also very efficient for systems scanning.

Overall, I rate the solution an eight-point five out of ten.

View full review »
it_user841956 - PeerSpot reviewer
Director Of Product Cyber Security at a aerospace/defense firm with 10,001+ employees

In terms of rating it, because I haven't had it installed long enough, and we haven't finished all the integration because of the Professional Services yet, I'd say it's rating really well, toward excellent. But it's just one of those things, until you see all the proof in the pudding...

As of right now I would rate it an eight out of 10.

The advice I would give to a colleague is, first, know your development process and where it's weak. From there, insert secure development, realize that it's not about the tool, it's about the process of development. Then find the tools that solve that. For us the key was, could it integrate, could it automate, and could it make the developer's workload easier? That's what we looked for.

View full review »
EE
Innovation manager at a computer software company with 51-200 employees

We are end-users.

I'd rate the solution a seven out of ten.

View full review »
David Mawazo - PeerSpot reviewer
Chief Information Officer at TeleTracking Technologies, Inc.

I give the solution an eight out of ten.

I recommend the solution to others.

We have around 4,000 end users.

View full review »
VijayKumar16 - PeerSpot reviewer
Global Business Development Executive - Applications, Data & AI Practice at Kyndryl

I would rate AppScan four out of ten.

View full review »
FM
Senior Manager, IT Test Automation Engineering at a outsourcing company with 10,001+ employees

I don't have information on the relationship HCL has with my company. My understanding is they are just a vendor for us.

In general, I would rate them at a six out of ten. There are many areas in which they could improve, including by adding more languages and re-vamping their technical support. They are lacking in a lot of areas.

View full review »
EO
Senior Security Specialist at a transportation company with 10,001+ employees

When selecting a vendor we look for 

  • a global brand
  • support
  • user friendliness
  • cost, and the license models.

I would recommend AppScan.

View full review »
it_user634890 - PeerSpot reviewer
Chief information with 5,001-10,000 employees

At the beginning, you need to know the reach and what you are expecting. The solution is not going to be a silver bullet that will fix everything in your app.

You have to have a mature SDLC process for developers to follow. If they don't have that, AppScan could provide great insight in order to develop it. Once you have both things in motion, it runs automatically.

When looking for a vendor, we want to know if they will go beyond that what is out-of-the-box. We want to see if they will tell us what additional features we can exploit in the solution.

We want to know if they will provide us with knowledge about apps or code for a specific matter and if they can support our expectancy of growth in the near future.

View full review »
TD
General Manager at a consultancy with 51-200 employees

I would recommend AppScan to other businesses. In a small-scale setup, it works perfectly fine, but if you are a larger organization with a lot of applications and you need to do CI/CD, then it's probably not the solution for you. Conversely, in a small organization with less than 20 applications, this will work pretty nicely.

On a scale from one to ten, I would give this solution a rating of seven.

If they can integrate with CI/CD and make the log-in mechanism a little smoother, they should be able to scale it up. If they could integrate with the CI/CD pipeline and make the scans a little faster, then I would give it a higher rating.

View full review »
it_user840909 - PeerSpot reviewer
Managing director at Accenture

The most important criteria when selecting a vendor, first of all, is their capability to continuously invest in the development and enhancement of the software. We are in a very changing process, software is a very changing environment, in terms of the technology. If you develop a tool, launch this tool, but don't have enough commitment to upgrade, to continuously enhance, it's not worth it. That's why I think IBM has a good presence in this area.

My advice would be, don't see only the cost. Try to see the capability of the tools and, besides that, as I have stressed in this review, the capability of the vendor to invest in enhancing and mitigating the risks that will come. New risks, new threats, security threats, will appear. If you don't have a company that is continuously enhancing its software, there will be a problem.

I would rate this product a nine out of 10. The reason I don't give it a 10 is because AppScan is a little bit expensive. IBM needs to work a little bit on the pricing model, decreasing the license cost. But with the maintenance - and the maintenance is the most important, as I told you, because it has to continuously enhance the tool to mitigate the increasing malware in the future - IBM could recover the investment and meet their target margins in another way.

Unfortunately, there is a big discussion if it is very expensive, to use it or not, and there are competitors. I see competitors trying to grab this market.

But from the point of view of quality, very excellent quality, it's above all the tools that I have worked with.

View full review »
MH
Senior Cloud Architect at a tech company with 1,001-5,000 employees

Have a look at the competitors as well. There is more than one vendor in the market. I would definitely do your due diligence.

View full review »
it_user844479 - PeerSpot reviewer
People Leader Of Cyber Strategy And Solutions at a insurance company with 10,001+ employees

Most important criteria when selecting a vendor: At the end of the day, it would have to be the support and relationship. There are a lot of smart people out there building products which do things. However, not everyone can use them, and without having someone to call, it is sort of its own disadvantage. 

View full review »
it_user634947 - PeerSpot reviewer
Application Security Consultant at a financial services firm with 10,001+ employees

What I look for most in a vendor is the product, the offer, the service, the vendor service, and after sale support.

I would definitely recommend this product.

View full review »
it_user841920 - PeerSpot reviewer
Business Development Manager at a tech services company with 10,001+ employees

Most important criteria when choosing to partner with a company: I started working with IBM only one year back. When I started a partnership with them, IBM had the security portfolio which covered most of the region where my customers were. IBM has a name with the support along the quality of its products.

View full review »
it_user279198 - PeerSpot reviewer
CEO at a government

We've had a relationship for some time, over 20 years now, with IBM. It's really about the products, in terms of what we are looking for. That's really the deciding factor in deciding whether we'd use them for a particular solution.

View full review »
Buyer's Guide
HCL AppScan
March 2024
Learn what your peers think about HCL AppScan. Get advice and tips from experienced pros sharing their opinions. Updated: March 2024.
765,234 professionals have used our research since 2012.