TrustRadius: an HG Insights company

HCL AppScan

Score 5.1 out of 10

23 Reviews and Ratings

What is HCL AppScan?

AppScan (formerly Rational AppScan) is an application security testing solution acquired by HCL Technologies from IBM in late 2018. Appscan supports both dynamic (DAST) and static (SAST) application security testing.

Media

  • Cloud Security: AppScan scans Docker containers and container images to ensure that third-party components have not introduced vulnerabilities into an application. Software composition analysis (SCA) tools help organizations inventory the third-party commercial and open source components used within their software, understand which components and versions are in use, and identify security vulnerabilities affecting those components.
  • API Testing: This attack vector can be secured by identifying vulnerable third-party components, automating and integrating API testing, and detecting issues in the IDE.
  • Auto Issue Correlation: AppScan leverages three technologies (DAST, SAST, IAST) to enrich results, validate fixes, and reduce the number of remediation tasks by grouping related issues together.
  • 30+ Code Languages Supported: HCL AppScan offers an extensive list of supported code languages.


An Automated and Integrated Platform that provides a Holistic Visibility into the Security

Use Cases and Deployment Scope

HCL AppScan is an automated and integrated platform that provides holistic visibility into the security posture of an application. It enables protection of business-critical applications from security threats, vulnerabilities, and compliance violations. It offers the best protection in the market right now. HCL AppScan enables our organization to secure our mobile and web apps by identifying vulnerabilities and flaws before they are deployed into the production environment.

Pros

  • Easy to manage
  • Easy to use
  • Easy to connect to our CI/CD pipeline
  • Good documentation
  • Trustful assessment

Cons

  • Cost can be a factor
  • Troubleshooting is a bit difficult.
  • Sometimes takes a long time for scanning

Most Important Features

  • Easy to configure
  • Stable solution
  • Easy to set up
  • Scanning QR codes

Return on Investment

  • Supports SAST, DAST, IAST and risk-management capabilities
  • Multiple Code Languages Supported
  • Fast and Accurate Application Security Testing

Alternatives Considered

Veracode

Other Software Used

HubSpot Marketing Hub, Evernote, Notion

A tool that can perform diagnostics according to the application specifications.

Use Cases and Deployment Scope

For years I have compared it with products from other companies and free products, but to be honest, the test patterns have become commoditized and I don't think there is a big difference in any product. In addition, the report can be shared with development members, leading to problem-solving.

Pros

  • Programming function.
  • Vulnerability diagnostic report.
  • I think it is convenient to be able to diagnose vulnerabilities regularly with the scheduling function.

Cons

  • The functions you want, the points that are difficult to understand.
  • Issues presented in the vulnerability diagnostic report may not be fully explained and not well understood.
  • You may think it is very basic and natural to "diagnose the screen after login" or "diagnose according to the input ⇒ confirmation ⇒ completion transition", but to do all this you need regular expressions and macros; there are many products that require you to write scripts.

Most Important Features

  • It is beneficial in my opinion since there are answers and recommendations for the difficulties.
  • The advantage of AppScan is that it can diagnose according to application specifications.
  • Dynamic diagnostics is basically a test that guarantees quality by the number of test cases.

Return on Investment

  • There are countless implementations to accomplish the same thing, and so many configurations are required.
  • Even if you finish testing and find no vulnerabilities, there is no point if you just get the error screen.
  • Until now, I was worried about vulnerabilities and security in software development, but I think it was good to find the vulnerability problem quickly with HCL AppScan.

Other Software Used

Teamwork, TeamViewer Meeting, SonicWall SonicWave Series

HCL AppScan insights

Pros

  • Learns the behavior of each application to test application-specific vulnerabilities
  • Provides mobile application scans with predefined templates

Cons

  • Simplify the upfront planning for configuration
  • Improve the resource management to prevent crashes and timeouts

Most Important Features

  • Provides enterprise dashboards to classify and prioritize application assets based on business impact to maximize remediation efforts
  • Learns the behavior of each application to test application-specific vulnerabilities

Other Software Used

Veracode

HCL AppScan: Things you wished you knew before.

Use Cases and Deployment Scope

This application helps to perform Dynamic Application Scan, in which the HCL AppScan dynamically navigates through the site and finds any vulnerabilities or fixes that can be done to prevent any future attack. The best thing about this application is the variety of configurations we can do depending on the scenario and the ping capacity.

Pros

  • Test the application
  • Explore the application for vulnerabilities
  • Runs automatic scans

Cons

  • It can have a FAQ session in the Application itself.
  • It can recommend the fix for the error that occurred during the scan.
  • Like its storing of multiple manual explores, it should have the capability of storing multiple logins.

Most Important Features

  • Automate the scan
  • Instant and detailed report
  • The configurations in the application

Return on Investment

  • The time it takes to execute the scan.
  • Sometimes it pings the DB so frequently that it may come down.
  • It does not send any notification indicating that the scan is completed.

Other Software Used

Veracode

AppScan helps us keep Web Apps in Compliance

Pros

  • AppScan works well in finding application vulnerabilities such as SQL injection, cross-site scripting and all of the OWASP top 10.
  • Flexible reporting allows us to generate executive reports for application owners as well as separate technical reports for developers and system engineers.
  • Technical reports include remediation information and cross-reference CVSS scores.
  • Because it maintains data on all repeated assessments, it helps us to do trending and metrics on compliance.

Cons

  • We have been asking IBM to upgrade the connectivity from scanner to database to use TLS 1.2. Currently uses TLS 1.0 which we are trying to completely deprecate from our environment.
  • We have been having some login issues with authenticated scans for applications that use federated login (Shibboleth) due to redirects and timeouts. For these systems we have to bypass the federation and log in directly to the application.

Return on Investment

  • The positive impact is that it gives us a way to identify and remediate vulnerabilities in our web applications prior to their being placed in production.

Alternatives Considered

Rapid7 AppSpider, Veracode and Qualysguard Web Application Scanning

Other Software Used

Rapid7 Nexpose, LogRhythm