AppScan (formerly Rational AppScan) is an application security testing solution acquired by HCL Technologies from IBM in late 2018. Appscan supports both dynamic (DAST) and static (SAST) application security testing.
N/A
Tanium
Score 9.2 out of 10
N/A
Tanium delivers Autonomous Endpoint Management (AEM) with the goal of allowing security-conscious organizations to break down silos between IT and Security operations that results in reduced complexity, cost, and risk.
In HCL AppScan automation maintain a reasonable pace of review and remediation of flaws for our apps. HCL AppScan is a cloud-based enterprise mobile application security testing solution for Android and iOS applications developed using Java, .Net or Objective-C. So it covers all our area and It consists of three components: AppScan Source Edition for developing and testing apps internally, AppScan Standard Edition for testing internally or externally, and AppScan Enterprise Edition for large enterprises who need to secure their entire mobile application portfolio across the organization with multiple device types.
Tanium is well suited for organizations where enterprise infrastructure has great significance and needs to be properly managed as well as protected. Most organizations depend upon their infrastructure to sustain so Tanium can be a boon for them to sustain in this competitive market. However, Tanium is less appropriate for the traditional offices that don't have or have a less online presence.
AppScan works well in finding application vulnerabilities such as SQL injection, cross-site scripting and all of the OWASP top 10.
Flexible reporting allows us to generate executive reports for application owners as well as separate technical reports for developers and system engineers.
Technical reports include remediation information and cross reference CVSS scores
Because it maintains data on all repeated assessments it helps us to do trending and metrics on compliance
One issue is its ring topology, as the data is stored in central hubs and pushed through its peer nodes. If the central hub fails, then the associated node will also result in failure.
Another problem is that all Tanium management is on premises requiring the customer to maintain it. If we want ask any help from Tanium support we always get a response like "you are maintaining it yourselves and it's your responsibility.
The Tanium User Interface could be improved a bit as, although the tool is rich in performance, a more impressive UI might really attract new customers.
Both solutions are decent, however, I had team members who had the experience working with HCL AppScan. Also, the product was priced nominally which suited our budget. Further, HCL AppScan's user community was bigger and many learning resources were freely available which helped junior peers learn quickly and eliminate any issues
Tanium is always my first choice, so much excellent feedback online from genuine users, easy to use in any system environment, and value for money, so many good things about Tanium stacks up against all the other competitors in the market. Tanium is one of the most reliable and trusted risk and compliance management software.
There are countless implementations to accomplish the same thing, and so many configurations are required.
Even if you test it finished and find no vulnerabilities, there is no point if you just get the error screen.
Until now, I was worried about vulnerabilities and security in software development, but I think it was good to find the vulnerability problem quickly with HCL AppScan.
