HCL AppScan vs. ReadyAPI vs. Visual Studio Test Professional

In HCL AppScan automation maintain a reasonable pace of review and remediation of flaws for our apps. HCL AppScan is a cloud-based enterprise mobile application security testing solution for Android and iOS applications developed using Java, .Net or Objective-C. So it covers all our area and It consists of three components: AppScan Source Edition for developing and testing apps internally, AppScan Standard Edition for testing internally or externally, and AppScan Enterprise Edition for large enterprises who need to secure their entire mobile application portfolio across the organization with multiple device types.

Incentivized

As stated, we do a LOT of API testing, the swaggerhub import makes it easy to add APIs. This is very well-suited, as well as easy management of the steps/cases/suites inside of ReadyAPI. The one thing I do wish ReadyAPI was better suited for is changes to data, we have a lot of test cases in ReadyAPI and if we make a change to how the backend data is structured, one-by-one adjustments need to be made to the steps. Less appropriate, UI testing.

Incentivized

It would be well suited if we used it with Azure DevOps as we can effortlessly integrate the test cases and even stories or tasks to stay on track with our work. Those test cases can even be reused across multiple projects. Using any other third-party tools, such as Jira, can be less appropriate, as it's not a Microsoft tool, and its capabilities will be limited.

Incentivized

• AppScan works well in finding application vulnerabilities such as SQL injection, cross-site scripting and all of the OWASP top 10.
• Flexible reporting allows us to generate executive reports for application owners as well as separate technical reports for developers and system engineers.
• Technical reports include remediation information and cross reference CVSS scores
• Because it maintains data on all repeated assessments it helps us to do trending and metrics on compliance

Incentivized

• Ease of use (ability to automatically import API definitions, Jenkins integration for running in the pipeline).
• Detailed test reports (allow to easily identify weak spots during both functional and performance testing).
• One platform for all tests (allows to closely couple and reuse existent tests).

Incentivized

• Availability of the desktop client or the web interface. The web interface being the favorite and providing a better experience.
• It enables you to write unit tests with so much ease.
• Allows the recording and repeating of manual tests
• It can be set up for collaboration.

Incentivized

• It can have a FAQ session in the Application itself.
• It can recommend the fix for the error that occurred during the scan.
• Like its storing multiple manuals explore, It should have the capability of storing multiple logins.

Incentivized

• Needs good documentation
• Need to improve the performance of the tool
• Setup is very complex and for such [a] commercial tool, it should easy and straightforward
• Tool says it supports security testing but in reality, it is not at an extensive level.

Incentivized

• The user community of the Visual Studio Test product is weak. For instant problems with this product, it is necessary to quickly reach the source of the error.
• Licence fees need to be more reasonable. License prices need to be reduced so that they can easily compete with free testing tools.

Incentivized

The only reason this isn't a '10' is because of the cost. This product is definitely meant for organizations who are serious about making sure they invest in the full ecosystem of API design, development, maintenance. But there is a significant cost associated with this investment. and because of this cost (and the non-tangible output for executives), it is a difficult line-item to justify in this post-pandemic environment.

Incentivized

SoapUI allows us to combine multiple tests and adhere
to the sequence that they need to run in order to complete successfully.
It has an excellent GUI design and the reporting mechanism is also very
good. It does consume a lot of memory though during concurrent testing

It is very usable if you are familiar with Visual Studio to begin with. If you are new to the interface, it can be a long ramp up period for Testers not used to the GUI. There is always the web option which seems to be more intuitive for many Testers.

Incentivized

Soap UI has managed to continuously build on it's solid foundation and keep improving by each release. It is by far the most dependable and accurate testing tool out there of its kind. Available via connecting to VM's created as SoapUI test machines give access to it anytime, anywhere practically.

It has an excellent GUI design and the reporting mechanism is also very
good. It does consume a lot of memory though during concurrent testing.

To be honest, we didnt had much issues with the support, as there is already plenty of online communities available for help. But if ever there were some minor issues with the membership or the certificates, the tech support was always quick and efficient enough to resolve the issue ASAP

Incentivized

Visual Studio Test Professional is backed up by the full support of the Microsoft Corporation. That means twenty-four/seven customer support by quality, highly-trained professionals who understand every possible issue that you have experienced before. They are nice, efficient, and highly professional. I recommend them.

Incentivized

no very easy but lacks documentation

Both solutions are decent, however, I had team members who had the experience working with HCL AppScan. Also, the product was priced nominally which suited our budget. Further, HCL AppScan's user community was bigger and many learning resources were freely available which helped junior peers learn quickly and eliminate any issues

Incentivized

ReadyAPI provides intuitive GUI capabilities compared to their own open source product. When compared to Postman, ReadyAPI also supports SOAP based services, which is a saver especially when integrating with legacy or other third party systems.

Incentivized

The visual Studio Test tool is faster than other tools. Since the development and testing processes are in one tool, it is more profitable in terms of cost. It is more inconvenient to write a test case in DevOps.

It has an excellent GUI design and the reporting mechanism is also very
good. It does consume a lot of memory though during concurrent testing. However, I have read that added monitoring tools have been added, which if so the 7 could possibly go to a 8 or 9.

• There are countless implementations to accomplish the same thing, and so many configurations are required.
• Even if you test it finished and find no vulnerabilities, there is no point if you just get the error screen.
• Until now, I was worried about vulnerabilities and security in software development, but I think it was good to find the vulnerability problem quickly with HCL AppScan.

Incentivized

• Very quick regression testing, hence having the testing results very soon, even the same day of deployment
• for same above reason, it can save money for corporation (so no tedious, costly and erroneous manual testings)
• The test reports are compatible with TestNG, so the corporation can integrate the reports in our Autamation frameworks such as Allure or Jira Zephyr

Incentivized

• One of the positive ROIs of Visual Studios is the fact that it makes producing our work at a quick rate, things like Intellisense make our work get produced at a much higher rate which is good for our return of investment.
• Testing by the developers has increased by 23%, we now take the time to actually test our product before we send it to our QA people.
• I am not aware of any negative ROI aspects to our company that have been found.

Incentivized