HCL AppScan vs. Tenable Security Center

In HCL AppScan automation maintain a reasonable pace of review and remediation of flaws for our apps. HCL AppScan is a cloud-based enterprise mobile application security testing solution for Android and iOS applications developed using Java, .Net or Objective-C. So it covers all our area and It consists of three components: AppScan Source Edition for developing and testing apps internally, AppScan Standard Edition for testing internally or externally, and AppScan Enterprise Edition for large enterprises who need to secure their entire mobile application portfolio across the organization with multiple device types.

Incentivized

[Tenable.sc (formerly SecurityCenter)] does very well for internal scanning for vulnerabilities, however it needs to be combined with Tenable.io in order to do cloud scanning.

Incentivized

• AppScan works well in finding application vulnerabilities such as SQL injection, cross-site scripting and all of the OWASP top 10.
• Flexible reporting allows us to generate executive reports for application owners as well as separate technical reports for developers and system engineers.
• Technical reports include remediation information and cross reference CVSS scores
• Because it maintains data on all repeated assessments it helps us to do trending and metrics on compliance

Incentivized

• Vulnerability management from one place
• Maximum endpoint visibility
• Easy to set up and plan the structure
• Support desk quickly responses
• Well-prepared documentation
• Broad scanning type
• Supports various compliance standards
• User groups allows coordination between teams

• It can have a FAQ session in the Application itself.
• It can recommend the fix for the error that occurred during the scan.
• Like its storing multiple manuals explore, It should have the capability of storing multiple logins.

Incentivized

• Centralized vulnerability management with sensors.
• Network health assessment and Incident response.
• For alerting or notification, it should also support the SMS gateway.

Incentivized

based on product capabilities and usage

On all of the occasions that I have had to reach out to Tenable for assistance, they have been extremely helpful and knowledgeable. Solutions and support are provided quickly, and they work on the issue until it is resolved.

Incentivized

Both solutions are decent, however, I had team members who had the experience working with HCL AppScan. Also, the product was priced nominally which suited our budget. Further, HCL AppScan's user community was bigger and many learning resources were freely available which helped junior peers learn quickly and eliminate any issues

Incentivized

We decided to go with Tenable due to its robust reporting capabilities and competitive pricing vs its competitors. While all tools are very similar in regards to scanning capabilities we prefer Tenable SC's user interface. We also like the option to have both on-prem and cloud with theirs. Tenable io product as well.

Incentivized

• There are countless implementations to accomplish the same thing, and so many configurations are required.
• Even if you test it finished and find no vulnerabilities, there is no point if you just get the error screen.
• Until now, I was worried about vulnerabilities and security in software development, but I think it was good to find the vulnerability problem quickly with HCL AppScan.

Incentivized

• Create internal/operational efficiencies
• Improve compliance & risk management
• Cost management
• Solid vulnerability scanner
• Ease, of use, and capabilities when it comes to analyzing vulnerabilities is what makes this product stand out

Incentivized