AcuSensor from Maltese company Acunetix is application security and testing software.
$4,500
HCL AppScan
Score 4.3 out of 10
N/A
AppScan (formerly Rational AppScan) is an application security testing solution acquired by HCL Technologies from IBM in late 2018. Appscan supports both dynamic (DAST) and static (SAST) application security testing.
N/A
Tanium
Score 9.2 out of 10
N/A
Tanium delivers Autonomous Endpoint Management (AEM) with the goal of allowing security-conscious organizations to break down silos between IT and Security operations that results in reduced complexity, cost, and risk.
It is best suited for integrated security testing of applications which are hosted on web servers. The most important thing is the integration of DevSecOps which is crucial in today's fast paced environment of rapid development. The core of Acunetix is application scanning which is really great and I highly recommend this product to everyone
In HCL AppScan automation maintain a reasonable pace of review and remediation of flaws for our apps. HCL AppScan is a cloud-based enterprise mobile application security testing solution for Android and iOS applications developed using Java, .Net or Objective-C. So it covers all our area and It consists of three components: AppScan Source Edition for developing and testing apps internally, AppScan Standard Edition for testing internally or externally, and AppScan Enterprise Edition for large enterprises who need to secure their entire mobile application portfolio across the organization with multiple device types.
Tanium is well suited for organizations where enterprise infrastructure has great significance and needs to be properly managed as well as protected. Most organizations depend upon their infrastructure to sustain so Tanium can be a boon for them to sustain in this competitive market. However, Tanium is less appropriate for the traditional offices that don't have or have a less online presence.
AppScan works well in finding application vulnerabilities such as SQL injection, cross-site scripting and all of the OWASP top 10.
Flexible reporting allows us to generate executive reports for application owners as well as separate technical reports for developers and system engineers.
Technical reports include remediation information and cross reference CVSS scores
Because it maintains data on all repeated assessments it helps us to do trending and metrics on compliance
One issue is its ring topology, as the data is stored in central hubs and pushed through its peer nodes. If the central hub fails, then the associated node will also result in failure.
Another problem is that all Tanium management is on premises requiring the customer to maintain it. If we want ask any help from Tanium support we always get a response like "you are maintaining it yourselves and it's your responsibility.
The Tanium User Interface could be improved a bit as, although the tool is rich in performance, a more impressive UI might really attract new customers.
ZAP is a free tool, and adequate. But it is to that extent less friendly. I would not be as confident of the results and it definitely can't produce reports on par with Acunetix. There would be a lot of legwork on our end if we desired to switch to this tool.
Both solutions are decent, however, I had team members who had the experience working with HCL AppScan. Also, the product was priced nominally which suited our budget. Further, HCL AppScan's user community was bigger and many learning resources were freely available which helped junior peers learn quickly and eliminate any issues
Tanium is always my first choice, so much excellent feedback online from genuine users, easy to use in any system environment, and value for money, so many good things about Tanium stacks up against all the other competitors in the market. Tanium is one of the most reliable and trusted risk and compliance management software.
Saved money compared to other commercial scanners, especially over the long run.
Scan speed seems to be pretty good compared to some of the bulkier commercial products out there. However, that largely has to do with proper configuration.
A downside is that is requires a bit of extra work just to get it set up to scan APIs, web services, etc.
There are countless implementations to accomplish the same thing, and so many configurations are required.
Even if you test it finished and find no vulnerabilities, there is no point if you just get the error screen.
Until now, I was worried about vulnerabilities and security in software development, but I think it was good to find the vulnerability problem quickly with HCL AppScan.
