- CAST Highlight is rated higher in 1 area: Likelihood to Recommend
Likelihood to Recommend
I think CAST is a great tool to give insight into your applications. The tool can be met with resistance from team members as the tool is going to expose defects that should be addressed. Out of the box, it may need some tailoring to focus on certain areas so that you are not overwhelmed with defects the first time you scan your code. But ultimately, you will want to eliminate all defects in the code and have all violations turned on.
I would say that HCL AppScan is very simple to understand and use since it uses a user-friendly interface and the terminologies that are used in the interface of the application is very clear. We can automate a scan with any third party like Jenkins. The fact, I don't like is the time takes to execute the application, it should be better.
Engineer in EngineeringComputer Software Company, 10,001+ employees
- Identifies common coding vulnerabilities.
- Compares code to industry best practices.
- Assesses the code for data privacy compliance.
- learns behavior of each application to test application-specific vulnerabilities
- Provides mobile application scan with predefined templates
- Code scans could be faster. A large application may need to be broken down into smaller sub-applications in order to facilitate faster code scans.
- We spent a lot of time trying to figure out how to best structure our code base in the application for ultimate performance.
- Reduce number of false poitives
- Add automation tools to reduce manual effort
- improve user experience
- prepare dynamic dashboards
Team Lead in MarketingInformation Technology & Services Company, 5001-10,000 employees
Premium Consulting/Integration Services
Entry-level set up fee?
$25,000 per year
Premium Consulting/Integration Services—
Entry-level set up fee?
CAST Highlight 10.0
Based on 2 answers
Tech support and pro services are top-notch.
No answers yet
No answers on this topic
These other tools only do a part of what CAST does. CAST gives a comprehensive view into the code looking at all aspects, code quality, security, maintainability, vulnerability, privacy, reuse, etc. These other tools only focus on one or two dimensions.
We have been using AppScan for about 14 years (Before it was acquired by IBM). A few years ago we did an upgrade from the standard edition to the enterprise edition (to allow several users at once) in order to accommodate the growth of our team. Prior to this upgrade we looked at several other products and decided to stay with AppScan.One of the major reasons was our familiarity with this product so that we could upgrade without the need to train our staff on a new product. All of these products were very close in comparison so we found no compelling reason to change.
Return on Investment
- I believe once we had the tool working for our code base, we immediately saw positive ROI.
- We spent some time getting to where our code code be scanned efficiently but some of that was trying to do things ourselves instead of fully utilizing Cast Professional Services. I highly recommend to do an engagement with CAST to have them help setup the tool in your environment or to run it in the cloud for you.
- There are countless implementations to accomplish the same thing, and so many configurations are required.
- Even if you test it finished and find no vulnerabilities, there is no point if you just get the error screen.
- Until now, I was worried about vulnerabilities and security in software development, but I think it was good to find the vulnerability problem quickly with HCL AppScan.