What users are saying about
6 Ratings
2 Ratings
<a href='https://www.trustradius.com/static/about-trustradius-scoring' target='_blank' rel='nofollow noopener noreferrer'>trScore algorithm: Learn more.</a>
Score 9.5 out of 100
6 Ratings
<a href='https://www.trustradius.com/static/about-trustradius-scoring' target='_blank' rel='nofollow noopener noreferrer'>trScore algorithm: Learn more.</a>
Score 7.6 out of 100

Likelihood to Recommend

CAST Highlight

I think CAST is a great tool to give insight into your applications. The tool can be met with resistance from team members as the tool is going to expose defects that should be addressed. Out of the box, it may need some tailoring to focus on certain areas so that you are not overwhelmed with defects the first time you scan your code. But ultimately, you will want to eliminate all defects in the code and have all violations turned on.
Gene Baker | TrustRadius Reviewer

HCL AppScan

This application is well suited for all web applications with the primary difficulty being that is does not handle federated logins.However since we have validated our federation and vetted it well it is not a critical issue to bypass federation for scanning a site, only an inconvenience as we have to setup bypass authentication and then remove so that is cannot be used by an attacker
Seth Shestack | TrustRadius Reviewer

Pros

CAST Highlight

  • Identifies common coding vulnerabilities.
  • Compares code to industry best practices.
  • Assesses the code for data privacy compliance.
Gene Baker | TrustRadius Reviewer

HCL AppScan

  • AppScan works well in finding application vulnerabilities such as SQL injection, cross-site scripting and all of the OWASP top 10.
  • Flexible reporting allows us to generate executive reports for application owners as well as separate technical reports for developers and system engineers.
  • Technical reports include remediation information and cross reference CVSS scores
  • Because it maintains data on all repeated assessments it helps us to do trending and metrics on compliance
Seth Shestack | TrustRadius Reviewer

Cons

CAST Highlight

  • Code scans could be faster. A large application may need to be broken down into smaller sub-applications in order to facilitate faster code scans.
  • We spent a lot of time trying to figure out how to best structure our code base in the application for ultimate performance.
Gene Baker | TrustRadius Reviewer

HCL AppScan

  • We have been asking IBM to upgrade the connectivity from scanner to database to use TLS 1.2. Currently uses TLS 1.0 which we are trying to completely deprecate from our environment.
  • We have been having some login issues with authenticated scans for applications that use federated login (Shibboleth) dur to re-directs and timeouts. For these systems we have to bypass the federation and login directly to the application.
Seth Shestack | TrustRadius Reviewer

Support Rating

CAST Highlight

CAST Highlight 10.0
Based on 1 answer
Tech support and pro services are top-notch.
Gene Baker | TrustRadius Reviewer

HCL AppScan

No score
No answers yet
No answers on this topic

Alternatives Considered

CAST Highlight

These other tools only do a part of what CAST does. CAST gives a comprehensive view into the code looking at all aspects, code quality, security, maintainability, vulnerability, privacy, reuse, etc. These other tools only focus on one or two dimensions.
Gene Baker | TrustRadius Reviewer

HCL AppScan

We have been using AppScan for about 14 years (Before it was acquired by IBM). A few years ago we did an upgrade from the standard edition to the enterprise edition (to allow several users at once) in order to accommodate the growth of our team. Prior to this upgrade we looked at several other products and decided to stay with AppScan.One of the major reasons was our familiarity with this product so that we could upgrade without the need to train our staff on a new product. All of these products were very close in comparison so we found no compelling reason to change.
Seth Shestack | TrustRadius Reviewer

Return on Investment

CAST Highlight

  • I believe once we had the tool working for our code base, we immediately saw positive ROI.
  • We spent some time getting to where our code code be scanned efficiently but some of that was trying to do things ourselves instead of fully utilizing Cast Professional Services. I highly recommend to do an engagement with CAST to have them help setup the tool in your environment or to run it in the cloud for you.
Gene Baker | TrustRadius Reviewer

HCL AppScan

  • The positive impact is that it gives us a way to identify and remediate vulnerabilities in our web applications prior to being placed in production
Seth Shestack | TrustRadius Reviewer

Pricing Details

CAST Highlight

General

Free Trial
Free/Freemium Version
Premium Consulting/Integration Services
Entry-level set up fee?
No

HCL AppScan

General

Free Trial
Free/Freemium Version
Premium Consulting/Integration Services
Entry-level set up fee?
No

Add comparison