What users are saying about
3 Ratings
Score 8.5 out of 10
3 Ratings
Score 8.1 out of 10

Likelihood to Recommend

HCL AppScan

This application is well suited for all web applications, with the primary difficulty being that it does not handle federated logins. However, since we have validated our federation and vetted it well, it is not a critical issue to bypass federation for scanning a site, only an inconvenience, as we have to set up bypass authentication and then remove it so that it cannot be used by an attacker.
Seth Shestack

Qualys WAS

If you are a company with limited resources and are looking for a reasonable solution for your WAS security needs then I highly recommend Qualys WAS. It is a great tool for quick and one-off testing of web applications.
Larry Sullivan

Pros

HCL AppScan

  • AppScan works well in finding application vulnerabilities such as SQL injection, cross-site scripting and all of the OWASP top 10.
  • Flexible reporting allows us to generate executive reports for application owners as well as separate technical reports for developers and system engineers.
  • Technical reports include remediation information and cross-reference CVSS scores.
  • Because it maintains data on all repeated assessments, it helps us to do trending and metrics on compliance.
Seth Shestack

Qualys WAS

  • Discovering simple-to-fix vulnerabilities like cross-site scripting or SQL injection is a breeze using Qualys WAS.
  • Since it is cloud-based, running the tests from anywhere is a great feature.
  • Qualys WAS is very cost effective. Having the tests automated lets you get a jump on the fixes without having to manually test each and every application manually.
Larry Sullivan

Cons

HCL AppScan

  • We have been asking IBM to upgrade the connectivity from scanner to database to use TLS 1.2. Currently uses TLS 1.0 which we are trying to completely deprecate from our environment.
  • We have been having some login issues with authenticated scans for applications that use federated login (Shibboleth) due to redirects and timeouts. For these systems we have to bypass the federation and log in directly to the application.
Seth Shestack

Qualys WAS

  • Sometimes support can be a bit slow off the mark but in general it is good.
  • The scans can take longer than anticipated.
  • The reports can take a lot of customizing.
Larry Sullivan

Alternatives Considered

HCL AppScan

We have been using AppScan for about 14 years (before it was acquired by IBM). A few years ago we did an upgrade from the standard edition to the enterprise edition (to allow several users at once) in order to accommodate the growth of our team. Prior to this upgrade we looked at several other products and decided to stay with AppScan. One of the major reasons was our familiarity with this product, so that we could upgrade without the need to train our staff on a new product. All of these products were very close in comparison, so we found no compelling reason to change.
Seth Shestack

Qualys WAS

No answers on this topic

Return on Investment

HCL AppScan

  • The positive impact is that it gives us a way to identify and remediate vulnerabilities in our web applications prior to being placed in production.
Seth Shestack

Qualys WAS

  • As a consultant, Qualysguard WAS is a great tool in my toolbox for testing Web Applications for small to medium companies.
  • Fast and efficient, you can start a consulting job quickly, giving feedback to a client almost immediately.
  • Never leave home without it.
Larry Sullivan

Pricing Details

HCL AppScan

General

Free Trial
Free/Freemium Version
Premium Consulting/Integration Services
Entry-level set up fee?
No
Additional Pricing Details

Qualys WAS

General

Free Trial
Free/Freemium Version
Premium Consulting/Integration Services
Entry-level set up fee?
No
Additional Pricing Details
