HCL AppScan

HCL AppScan Reviews

Do you work for this company? Learn how we help vendors

Ratings and Reviews
(1-3 of 17)

Companies can't remove reviews or game the system. Here's why
November 07, 2021

HCL AppScan insights

Score 7 out of 10
Vetted Review
Verified User
Review Source
HCL AppScan provides mobile application scan with predefined templates integration with common code repositories supported Supports 13+ languages including C/C++, COBOL, ColdFusion, Java™ , Android, JSP, JavaScript, Perl, PHP, PL/SQL/T-SQL, C#, ASP.NET, and VB.NET on the other hand, it requires upfront planning for setup and configuration the recording of the application is crucial to have valuable test completion There is quite a complex list of supported browsers May be resource intensive which can cause long run-times for dynamic scans the application crashes sometimes
  • learns behavior of each application to test application-specific vulnerabilities
  • Provides mobile application scan with predefined templates
  • simplify the upfront planning for configuration
  • improves the resource management to prevent from crashes and timeout
strengths : identifies Static and Dynamic Security vulnerabilities, has IDE plugins for ease of use like VS Plugin, Eclipse Plugin, IntelliJ, etc
Challenges : support build of code files prior to scan, offers limited static analysis features for data identification and runtime data tracking
Score 8 out of 10
Vetted Review
Verified User
Review Source
HCL AppScan (formerly from IBM) is an application security solution that helps my team to review security flaws and bugs in developing applications. HCL AppScan is a source code analysis tool usually known as Static Application Security Testing (SAST) Tool. The solution is well-engineered and is rated among the leaders in the market. It helped my team reduce errors and ensure we followed security best practices in our software development cycle.
  • Vulnerability reporting
  • Static code analysis
  • Remediation
  • DevSecOps
  • Reduce number of false poitives
  • Add automation tools to reduce manual effort
  • improve user experience
  • prepare dynamic dashboards
HCL AppScan (formerly from IBM) is well suited for reducing security flaws in my team's secure code development. The software identifies a lot of issues automatically which helps us reduce delivery time and prevent security breaches. HCL AppScan (formerly from IBM) lacks innovation and automation functionalities, while other tools offer artificial intelligence-driven analysis that helps the team reduce time and money. Also, there is a need to reduce false-positives generated by the solution
Score 8 out of 10
Vetted Review
Verified User
Review Source
We use IBM AppScan as part of our overall vulnerability management program. These assessments are in depth and use several tools, AppScan being the tool we use to look for application vulnerabilities in our Web applications.
We do a pre-production security assessment on all applications before they go live in our environment. In addition we do regularly repeated scans which primarily look for patching compliance and new vulnerabilities that may affect these applications.
  • AppScan works well in finding application vulnerabilities such as SQL injection, cross-site scripting and all of the OWASP top 10.
  • Flexible reporting allows us to generate executive reports for application owners as well as separate technical reports for developers and system engineers.
  • Technical reports include remediation information and cross reference CVSS scores
  • Because it maintains data on all repeated assessments it helps us to do trending and metrics on compliance
  • We have been asking IBM to upgrade the connectivity from scanner to database to use TLS 1.2. Currently uses TLS 1.0 which we are trying to completely deprecate from our environment.
  • We have been having some login issues with authenticated scans for applications that use federated login (Shibboleth) dur to re-directs and timeouts. For these systems we have to bypass the federation and login directly to the application.
This application is well suited for all web applications with the primary difficulty being that is does not handle federated logins.
However since we have validated our federation and vetted it well it is not a critical issue to bypass federation for scanning a site, only an inconvenience as we have to setup bypass authentication and then remove so that is cannot be used by an attacker.

HCL AppScan Scorecard Summary

What is HCL AppScan?

AppScan (formerly Rational AppScan) is an application security testing solution acquired by HCL Technologies from IBM in late 2018. Appscan supports both dynamic (DAST) and static (SAST) application security testing.

HCL AppScan Pricing

HCL AppScan Technical Details

Operating SystemsUnspecified
Mobile ApplicationNo

Frequently Asked Questions

What is HCL AppScan?

AppScan (formerly Rational AppScan) is an application security testing solution acquired by HCL Technologies from IBM in late 2018. Appscan supports both dynamic (DAST) and static (SAST) application security testing.

Who uses HCL AppScan?

The most common users of HCL AppScan are from Mid-size Companies and the Information Technology & Services industry.