The most valuable feature of the solution stems from the fact that it is good to run the scan faster. You can basically run the scan and take a break at work since the tool will compute the results, which makes the product quite intuitive. HCL AppScan doesn't require constant monitoring.

The product is useful, particularly in its sensitivity and scanning capabilities. Additionally, it allows for investigation while the developer is writing the code. It is a more efficient process compared to other tools like App Scan.

The reporting part is the most valuable feature.

SAST is the only feature that works using the on-prem version. It's becoming very difficult for us to integrate it with the other SecOps solutions. It is a very good solution but only when using the standard version.

The most valuable feature of the solution is the scanning or security part.

The product has valuable features for static and dynamic testing. It is one of the leaders in the market amongst SAST solutions.

It depends on the application, but it's generally a very user-friendly tool. Anyone can easily learn how to scan and boost their security.  

There are many features that are valuable. such as the APIs. API calls in AppScan, and similar to Burp Suite enterprise edition, which is also for API scans. I can trigger the scan ware API.

The HCL AppScan turnaround time for Burp Suite or any new feature request is pretty good, and that is why we are sticking with the HCL.

The solution is easy to use. It is useful for finding basic information about systems.

The most valuable feature of the solution is Postman. As a security engineer, Postman allows me to specify exactly what information I need to scan for, rather than just dropping all information and running a scan. I can also use it to do some information gathering before scanning. This allows me to specify APIs and scan accordingly. The feature also saves us time.

The most valuable feature is the web scan from our perspective. Being able to quickly find the vulnerabilities if any developer has inadvertently put them in. The source scan is of value, but it is so hard to use that it is of less value.

The scanning is quite good. It's good for helping us seek out vulnerabilities and fixing hot spots. 

The pricing is fine. 

It's on a managed cloud, and that makes it very easy. It's straightforward to use.

The solution has been stable, and we haven't really had downtime. 

It's stable. 

Technical support is helpful.

The UI was very intuitive. It was very easy to understand. It was very easy to scan the websites, see the results, and deliver them to higher management.

Compared to other tools only AppScan supports special language.

The most valuable feature of HCL AppScan is scanning QR codes.

AppScan is within the top three or four static analyzers. Its features include support for many languages. 

The product has a relatively reasonable scan time.

There's extensive functionality with custom rules and a custom knowledge base.

For me, as a manager, it was the ease of use. Inserting security into the development process is not normally an easy project to do. The ability for the developer to actually use it and get results and focuses, that's what counted.

The dynamic scan, the DAST tool, dynamic applications scanning and testing tool, is great.

It was easy to set up.

It's a stable solution.

The product is easy to scale. 

The solution is affordable and reasonably priced.

The security and the dashboard are the most valuable features.

The solution offers services in a few specific development languages.

There's a recording feature that I really like. You pass through the login pages. If you record the login part, it becomes very fast with the solution.

It helps you to enforce security practices, beyond the reach of just operations and training. So give the training, but besides that you can detect some deviations in the development process. I think that's the most valuable of all the features.

We are currently using it in the integration of our agile process so we can find any breaches in the apps while they're in the development process. We can then fix breaches before they go into a production environment.

It comes with all of the templates that we need. For example, we are a company that is regulated by PCI. In order to be PCI compliant, we have a lot of checks and procedures to which we have to comply.

That being said, we have to be very rigorous about what we are protecting, such as the type of data and the code itself. Having those features in the app is a huge must.

The most valuable feature of this product is its capability to detect XSS and SQL injection.

It's a good product. It's automated crawler identifies all urls and performs security tests. It has a very rich test cases which ensures pretty good coverage in terms of security testing. The UI is user friendly and intuitive. 

Scalability, and it's a very powerful tool.

It highlights, with several grades of severity, the types of vulnerabilities, so we can focus on the most severe security vulnerabilities in the code.

Many features are valuable but some features stand out, like using our own scripts, and capturing the authentication.

Its integration from a UI perspective. You can easily find particular features and functions through the UI. 

For its first initial release, the integration was pretty good.

We leverage it as a quality check against code.

AppScan seems to be very good at detecting reflected XSS vulnerabilities. This increases the security of web applications that are in operation.

The most valuable feature is that it achieves a very low false-positive detection rate.

It is easy it is to use. It is quick to find things, because of the code scanning tools. It's quite simple to use and it is very good the way it reports the findings.

The static scans are good, and the SaaS as well. 

I think it's easy to use and gives back some pretty good results, certainly for vulnerabilities.