AppScan (formerly Rational AppScan) is an application security testing solution acquired by HCL Technologies from IBM in late 2018. Appscan supports both dynamic (DAST) and static (SAST) application security testing.
N/A
Visual Studio Test Professional
Score 6.9 out of 10
N/A
Microsoft's Visual Studio Test Professional is a performance testing solution.
In HCL AppScan automation maintain a reasonable pace of review and remediation of flaws for our apps. HCL AppScan is a cloud-based enterprise mobile application security testing solution for Android and iOS applications developed using Java, .Net or Objective-C. So it covers all our area and It consists of three components: AppScan Source Edition for developing and testing apps internally, AppScan Standard Edition for testing internally or externally, and AppScan Enterprise Edition for large enterprises who need to secure their entire mobile application portfolio across the organization with multiple device types.
It would be well suited if we used it with Azure DevOps as we can effortlessly integrate the test cases and even stories or tasks to stay on track with our work. Those test cases can even be reused across multiple projects. Using any other third-party tools, such as Jira, can be less appropriate, as it's not a Microsoft tool, and its capabilities will be limited.
AppScan works well in finding application vulnerabilities such as SQL injection, cross-site scripting and all of the OWASP top 10.
Flexible reporting allows us to generate executive reports for application owners as well as separate technical reports for developers and system engineers.
Technical reports include remediation information and cross reference CVSS scores
Because it maintains data on all repeated assessments it helps us to do trending and metrics on compliance
The user community of the Visual Studio Test product is weak. For instant problems with this product, it is necessary to quickly reach the source of the error.
Licence fees need to be more reasonable. License prices need to be reduced so that they can easily compete with free testing tools.
It is very usable if you are familiar with Visual Studio to begin with. If you are new to the interface, it can be a long ramp up period for Testers not used to the GUI. There is always the web option which seems to be more intuitive for many Testers.
Visual Studio Test Professional is backed up by the full support of the Microsoft Corporation. That means twenty-four/seven customer support by quality, highly-trained professionals who understand every possible issue that you have experienced before. They are nice, efficient, and highly professional. I recommend them.
Both solutions are decent, however, I had team members who had the experience working with HCL AppScan. Also, the product was priced nominally which suited our budget. Further, HCL AppScan's user community was bigger and many learning resources were freely available which helped junior peers learn quickly and eliminate any issues
The visual Studio Test tool is faster than other tools. Since the development and testing processes are in one tool, it is more profitable in terms of cost. It is more inconvenient to write a test case in DevOps.
There are countless implementations to accomplish the same thing, and so many configurations are required.
Even if you test it finished and find no vulnerabilities, there is no point if you just get the error screen.
Until now, I was worried about vulnerabilities and security in software development, but I think it was good to find the vulnerability problem quickly with HCL AppScan.
One of the positive ROIs of Visual Studios is the fact that it makes producing our work at a quick rate, things like Intellisense make our work get produced at a much higher rate which is good for our return of investment.
Testing by the developers has increased by 23%, we now take the time to actually test our product before we send it to our QA people.
I am not aware of any negative ROI aspects to our company that have been found.
