AppScan (formerly Rational AppScan) is an application security testing solution acquired by HCL Technologies from IBM in late 2018. AppScan supports both dynamic (DAST) and static (SAST) application security testing.
N/A
Postman
Score 8.8 out of 10
N/A
Postman, headquartered in San Francisco, offers their flagship API development and management free to small teams and independent developers. Higher tiers (Postman Pro and Postman Enterprise) support API management, as well as team collaboration, extended support and other advanced features.
$0
Pricing

Editions & Modules

HCL AppScan: No answers on this topic

Postman:

| Plan | Price |
|---|---|
| Postman Free Plan | $0.00 US Dollars |
| Postman Basic Plan | $12 US Dollars per month per user |
| Postman Professional Plan | $29 US Dollars per month per user |
| Postman Enterprise Plan | $99 US Dollars per month per user |
Offerings

| Pricing Offerings | HCL AppScan | Postman |
|---|---|---|
| Free Trial | Yes | No |
| Free/Freemium Version | No | Yes |
| Premium Consulting/Integration Services | No | No |
| Entry-level Setup Fee | No setup fee | No setup fee |
Additional Details

HCL AppScan: —

Postman:
1. Postman Free plan: Start designing, developing, and testing APIs at no cost for teams of up to three people.
2. Postman Basic plan: Collaborate with your team to design, develop, and test APIs faster; $12/month per user, billed annually.
3. Postman Professional plan: Centrally manage the entire API workflow; $29/month per user, billed annually.
4. Postman Enterprise plan: Securely manage, organize, and accelerate API-first development at scale; $99/month per user, billed annually.
In HCL AppScan, automation maintains a reasonable pace of review and remediation of flaws for our apps. HCL AppScan is a cloud-based enterprise mobile application security testing solution for Android and iOS applications developed using Java, .NET or Objective-C. So it covers all our areas, and it consists of three components: AppScan Source Edition for developing and testing apps internally, AppScan Standard Edition for testing internally or externally, and AppScan Enterprise Edition for large enterprises who need to secure their entire mobile application portfolio across the organization with multiple device types.
Postman is good for organising your API credentials, vendor settings, environments etc. It's also a good way of getting started with APIs as you get to use a GUI which can help you understand what we mean by a 'body' or 'bearer token'. I think people generally gravitate towards GUI tools for getting started in a new technology area.
AppScan works well in finding application vulnerabilities such as SQL injection, cross-site scripting and all of the OWASP Top 10.
Flexible reporting allows us to generate executive reports for application owners as well as separate technical reports for developers and system engineers.
Technical reports include remediation information and cross-reference CVSS scores.
Because it maintains data on all repeated assessments, it helps us to do trending and metrics on compliance.
It has opened a door for me to explore more out of it, as it is associated with so many APIs that I never felt any difficulty in finding the right API template, which are well organized and easily available.
It is very secure to use and provides great services which are user-friendly.
Due to this software I have got rid of the excessive emails and the Slack channels. Now I am using my own private API, and it even gives me an option to produce my personal Postman’s API Builder from its Private API Network, and this feature has shared my excessive workload.
1. User friendly - when I started using Postman, I was a beginner to the API world, and it gave me a friendly view to begin its usage.
2. Postman offers many features, including API testing, monitoring, documentation, and mock servers.
3. Environment variables simplify testing across multiple environments (dev, prod) without repetitive configuration.
There is a lot of in-depth documentation for Postman available online, including detailed guides with screenshots and videos. They provide example APIs for new users to explore while learning how to use the tool. Generally, bugs in the client are quickly addressed through frequent free updates. Community and professional support options are available - most of the time, the free/community level support is adequate.
Both solutions are decent; however, I had team members who had experience working with HCL AppScan. Also, the product was priced nominally, which suited our budget. Further, HCL AppScan's user community was bigger and many learning resources were freely available, which helped junior peers learn quickly and eliminate any issues.
Previous to using Postman, I would either use browser tools directly, or write an in-house tool to send requests. Postman eliminates that need while providing a much better experience and more features. At the base level, Postman is as simple as typing in the address as you would in a browser. Authentication can be provided simply as well.
There are countless implementations to accomplish the same thing, and so many configurations are required.
Even if you finish testing it and find no vulnerabilities, there is no point if you just get the error screen.
Until now, I was worried about vulnerabilities and security in software development, but I think it was good to find the vulnerability problem quickly with HCL AppScan.
Postman is free (although there's a paid tier that offers more features) so using it for testing APIs comes with little to no risk (besides learning curve).
The learning curve is a little steep for non-developer users, but developers should find it easy to pick up and use right out of the box, so to speak.