AppScan (formerly Rational AppScan) is an application security testing solution acquired by HCL Technologies from IBM in late 2018. Appscan supports both dynamic (DAST) and static (SAST) application security testing.
N/A
Synopsys Coverity
Score 8.3 out of 10
N/A
Synopsys offers the Coverity static application security testing (SAST) solution, to help users build software that’s more secure, higher-quality, and compliant with standards.
N/A
Pricing
HCL AppScan
Coverity Static Analysis (SAST)
Editions & Modules
No answers on this topic
No answers on this topic
Offerings
Pricing Offerings
HCL AppScan
Synopsys Coverity
Free Trial
Yes
No
Free/Freemium Version
No
No
Premium Consulting/Integration Services
No
No
Entry-level Setup Fee
No setup fee
Optional
Additional Details
—
Contact the Synopsys Software Integrity Group (SIG) Sales team at https://www.synopsys.com/software-integrity/contact-sales.html for more detailed pricing information.
I would say that HCL AppScan is very simple to understand and use since it uses a user-friendly interface and the terminologies that are used in the interface of the application is very clear. We can automate a scan with any third party like Jenkins. The fact, I don't like is the time takes to execute the application, it should be better.
Best suits for large scale and dynamic development environment. It may be best tool if you want to release your apps with less TAT. However if you have a CRM tool which is COTS product it can offer little help. Even then you should be familiar with what features of Coverity Static Analysis (SAST) are helpful for your development environment
AppScan works well in finding application vulnerabilities such as SQL injection, cross-site scripting and all of the OWASP top 10.
Flexible reporting allows us to generate executive reports for application owners as well as separate technical reports for developers and system engineers.
Technical reports include remediation information and cross reference CVSS scores
Because it maintains data on all repeated assessments it helps us to do trending and metrics on compliance
The functions you want, the points that are difficult to understand.
Issues presented in the vulnerability diagnostic report may not be fully explained and not well understood.
You may think it is very basic and natural, "diagnose screen after login" "diagnose according to input transition ⇒ confirmation ⇒ completion" but to do all this, you need regular expressions, and macros, there are many products that require you to write scripts.
When we used Veracode, it takes a-lot of time to run a source code analysis. It's user interface is also bit clumsy. So we switched to HCL AppScan. It enables enterprises to scan internal and external applications for vulnerabilities. It provides quick and easy access to the most updated security guidelines by scanning applications against the OWASP Top 10 vulnerabilities.
Coverity Static Analysis (SAST) has wide coverage in terms of Owasp Top 10 vulnerabilities, various types of languages, backward integration. While other tools offer similar experience of code scanning, coverity helps in pointed recommendations for quick closure of vulnerabilities. The historical analysis of vulnerabilities is a good value add in understanding which type of code and which language is better in improving cyber security maturity.
