TrustRadius
AppScan (formerly Rational AppScan) is an application security testing solution acquired by HCL Technologies from IBM in late 2018.
The positive impact is that it gives us a way to identify and remediate vulnerabilities in our web applications prior to being placed in production.
Rapid7 AppSpider, Veracode and Qualysguard Web Application Scanning
Rapid7 Nexpose, LogRhythm
HCL AppScan (formerly from IBM)
3 Ratings
Score 8.5 out of 10


Reviews (1-1 of 1)

Seth Shestack
September 12, 2018

HCL AppScan Review: "AppScan helps us keep Web Apps in Compliance"

Score 8 out of 10
Vetted Review
Verified User
We use IBM AppScan as part of our overall vulnerability management program. These assessments are in depth and use several tools, AppScan being the tool we use to look for application vulnerabilities in our Web applications.
We do a pre-production security assessment on all applications before they go live in our environment. In addition, we do regularly repeated scans which primarily look for patching compliance and new vulnerabilities that may affect these applications.
  • AppScan works well in finding application vulnerabilities such as SQL injection, cross-site scripting and all of the OWASP top 10.
  • Flexible reporting allows us to generate executive reports for application owners as well as separate technical reports for developers and system engineers.
  • Technical reports include remediation information and cross-reference CVSS scores.
  • Because it maintains data on all repeated assessments, it helps us to do trending and metrics on compliance.
  • We have been asking IBM to upgrade the connectivity from scanner to database to use TLS 1.2. It currently uses TLS 1.0, which we are trying to completely deprecate from our environment.
  • We have been having some login issues with authenticated scans for applications that use federated login (Shibboleth) due to redirects and timeouts. For these systems we have to bypass the federation and log in directly to the application.
This application is well suited for all web applications, with the primary difficulty being that it does not handle federated logins.
However, since we have validated our federation and vetted it well, it is not a critical issue to bypass federation for scanning a site, only an inconvenience, as we have to set up bypass authentication and then remove it so that it cannot be used by an attacker.

About HCL AppScan

AppScan (formerly Rational AppScan) is an application security testing solution acquired by HCL Technologies from IBM in late 2018.
Categories:  Application Security

HCL AppScan Technical Details

Operating Systems: Unspecified
Mobile Application: No