AppScan (formerly Rational AppScan) is an application security testing solution acquired by HCL Technologies from IBM in late 2018. Appscan supports both dynamic (DAST) and static (SAST) application security testing.
N/A
Sauce Labs
Score 6.9 out of 10
N/A
Sauce Labs is a cloud-based platform
for automated testing of desktop and mobile applications. It is designed to be instantly scalable, since it is optimized for continuous
integration workflows. (The vendor says that when tests are automated and run in parallel on
multiple virtual machines across many different browser, platform and device
combinations, testing time is reduced and developer time is freed up from
managing infrastructure.) The Sauce Labs testing cloud is intended to be paired…
In HCL AppScan automation maintain a reasonable pace of review and remediation of flaws for our apps. HCL AppScan is a cloud-based enterprise mobile application security testing solution for Android and iOS applications developed using Java, .Net or Objective-C. So it covers all our area and It consists of three components: AppScan Source Edition for developing and testing apps internally, AppScan Standard Edition for testing internally or externally, and AppScan Enterprise Edition for large enterprises who need to secure their entire mobile application portfolio across the organization with multiple device types.
Having used some of the competitor's tools over the year I would say that SauceLabs provides a lot of value for money if you plan to run long sets of tests with high frequencies. Paying for a single slot means you can run tests whenever you want without creeping costs but it does make running tests in parallel require an extra slot. Currently, our test suite takes over three hours to run and at the moment it is cost prohibitive to purchase an extra slot. However, having access to live testing and integration with Appium is great.
AppScan works well in finding application vulnerabilities such as SQL injection, cross-site scripting and all of the OWASP top 10.
Flexible reporting allows us to generate executive reports for application owners as well as separate technical reports for developers and system engineers.
Technical reports include remediation information and cross reference CVSS scores
Because it maintains data on all repeated assessments it helps us to do trending and metrics on compliance
I've had four changes in account managers over the past couple of years. They ranged from super experienced/advocate to some that seems relatively junior/a bit removed. I understand this happens but clarity on what I can expect with these partnerships would be valuable. What I've gotten in the end has varied dramatically.
As we currently know, there's nothing on the market with a big feature set like saucelabs at their current price point. Along with the business not having to learn a whole new tool to use again and the ability to refresh our private devices and the continuously growing number of public devices available and features.
It is an incredibly easy service to use for what its primary intention is. The only reason a point is deducted is because more feature enrichment can be done around the Sauce Connect Proxy utility and the Jenkins Sauce OnDemand plugin. User Account administration also needs more work, such as the addition of user groups, rather than a simple hierarchy of users.
Yes, Sauce labs is always there, and it is easy to troubleshoot when you are having any connectivity issue, they always keep you informed when they plan to perform any type of maintenance window on their side in advance, so you can plan and will not affect your current work. I do not recall any outage.
The time where they acquired TestObject and were trying to integrate their services would probably be the most annoying time. Annoying as features were in two separate places (websites) for example. But since the introduction of their unified platform, we haven't run into any issues as of yet and we've used them for at least 5-6 years now.
The people here are just so friendly and personable. For instance, Tristan Lombard answered every single email with a very cheery tone and not only did he diagnose my issue, he also made sure to ask how my day was going. Keep it up
I am not sure if it's my company that makes getting Sauce Labs integrated into the team difficult or is it Sauce Labs. The process for getting Sauce Labs for a project is quite a tedious process and the information for using Sauce Labs initially is quite lacking. There is little support for getting started
Both solutions are decent, however, I had team members who had the experience working with HCL AppScan. Also, the product was priced nominally which suited our budget. Further, HCL AppScan's user community was bigger and many learning resources were freely available which helped junior peers learn quickly and eliminate any issues
We have also tested out Browser Stack, which at the time was more geared towards manual testing. Although it appeared to support more mobile devices/browsers, we also wanted something that can plugin in easily with our existing Selenium test scripts. Sauce Labs was definitely more geared towards our goals at the moment which were to automation functional/regression testing and build it into our release pipeline.
With private devices, you have full reign over usage of them, so no complaints there. Public devices are available if no one else is using it, which is understandable. Browser VMs are based on number of open sessions and Saucelabs give you a certain number depending on what you need. If you need more, then you pay for more. It is as simple as that. You need more devices, then you can pay for more private ones too. A workaround for public devices is to pick the first available one and not be too picky, that's if you are able to of course.
There are countless implementations to accomplish the same thing, and so many configurations are required.
Even if you test it finished and find no vulnerabilities, there is no point if you just get the error screen.
Until now, I was worried about vulnerabilities and security in software development, but I think it was good to find the vulnerability problem quickly with HCL AppScan.
