What users are saying about

Armor

25 Ratings

Armor

25 Ratings
<a href='https://www.trustradius.com/static/about-trustradius-scoring' target='_blank' rel='nofollow'>trScore algorithm: Learn more.</a>
Score 8.2 out of 101

IBM Security AppScan

2 Ratings
<a href='https://www.trustradius.com/static/about-trustradius-scoring' target='_blank' rel='nofollow'>trScore algorithm: Learn more.</a>
Score 8.3 out of 101

Add comparison

Likelihood to Recommend

Armor

For managed security hosting, Armor can hardly be beat. Expensive but worth it.
LJ Wilson profile photo

IBM Security AppScan

This application is well suited for all web applications with the primary difficulty being that is does not handle federated logins.However since we have validated our federation and vetted it well it is not a critical issue to bypass federation for scanning a site, only an inconvenience as we have to setup bypass authentication and then remove so that is cannot be used by an attacker
Seth Shestack profile photo

Pros

  • They do a great job on base security concepts by only allowing direct access to servers through a VPN which prevents most unauthorized access. All ports are initially blocked off and can only be opened by request through ticketing and a digitally signed waiver.
  • They help tremendously in the design and implementation of the network during the onboarding phase. They also make an engineer personally responsible for all technical issues during the onboarding phase to ensure that somebody who fully understands the project is always available to handle requests, answer questions, or assist with any issues.
  • The systems are fully managed and stay security patched as patches are made available for your chosen platform. They monitor 24/7 for high CPU/memory issues and other potential issues with the server. They open tickets on these issues proactively and work to resolve them for you immediately.
No photo available
  • AppScan works well in finding application vulnerabilities such as SQL injection, cross-site scripting and all of the OWASP top 10.
  • Flexible reporting allows us to generate executive reports for application owners as well as separate technical reports for developers and system engineers.
  • Technical reports include remediation information and cross reference CVSS scores
  • Because it maintains data on all repeated assessments it helps us to do trending and metrics on compliance
Seth Shestack profile photo

Cons

  • It would be great if the server dashboard was more stable. Where we seem to have most of our issues is when adding/removing servers and manual scales.
  • I would like a view into my firewalls so I can actually see what is open/closed even if I can't specifically configure it from there.
  • I would prefer my new account managers introduce themselves instead of just appearing out of nowhere when I've emailed our old account manager for something.
No photo available
  • We have been asking IBM to upgrade the connectivity from scanner to database to use TLS 1.2. Currently uses TLS 1.0 which we are trying to completely deprecate from our environment.
  • We have been having some login issues with authenticated scans for applications that use federated login (Shibboleth) dur to re-directs and timeouts. For these systems we have to bypass the federation and login directly to the application.
Seth Shestack profile photo

Support

Armor7.8
Based on 13 answers
Approximately 50% of all messages we receive are automated. Either that an agent will be assigned, has been assigned, or a ticket is closed. I'd like to see more 'real' interaction, and less box ticking, though I appreciate process has to be followed. That's the one point off. Everything else is very good.
No photo available
No score
No answers yet
No answers on this topic

Alternatives Considered

No answers on this topic
We have been using AppScan for about 14 years (Before it was acquired by IBM). A few years ago we did an upgrade from the standard edition to the enterprise edition (to allow several users at once) in order to accommodate the growth of our team. Prior to this upgrade we looked at several other products and decided to stay with AppScan.One of the major reasons was our familiarity with this product so that we could upgrade without the need to train our staff on a new product. All of these products were very close in comparison so we found no compelling reason to change.
Seth Shestack profile photo

Return on Investment

No answers on this topic
  • The positive impact is that it gives us a way to identify and remediate vulnerabilities in our web applications prior to being placed in production
Seth Shestack profile photo

Pricing Details

Armor

General
Free Trial
Free/Freemium Version
Premium Consulting/Integration Services
Entry-level set up fee?
No
Additional Pricing Details

IBM Security AppScan

General
Free Trial
Free/Freemium Version
Premium Consulting/Integration Services
Entry-level set up fee?
No
Additional Pricing Details