TrustRadius: an HG Insights company
Back to Overview
HCL AppScan Logo

HCL AppScan Reviews and Ratings

Rating: 4.6 out of 10
Score
4.6 out of 10

Community insights

TrustRadius Insights for HCL AppScan are summaries of user sentiment data from TrustRadius reviews and, when necessary, third party data sources.

Business Problems Solved

HCL AppScan has been highly regarded by organizations seeking to secure their mobile and web applications. Users have found the tool invaluable for performing Dynamic Application Scans, enabling them to navigate through sites and identify potential vulnerabilities or fixes. The application offers a range of configurations, allowing users to customize their security measures based on their specific needs and capacity. This flexibility has made HCL AppScan a popular choice for conducting in-depth security assessments as part of vulnerability management programs. Users have compared HCL AppScan with other products and free alternatives, noting that the test patterns have become standardized across different solutions. The tool has not only helped teams reduce errors but also ensured adherence to security best practices throughout the software development cycle. Additionally, HCL AppScan provides holistic visibility into the security posture of applications, safeguarding them from threats, vulnerabilities, and compliance violations. Supporting a wide array of languages, this well-engineered source code analysis tool is highly regarded for its static application security testing capabilities. Users have found it easy to share reports generated by HCL AppScan with development members, facilitating collaboration and problem-solving. Furthermore, the tool has been used to pinpoint application vulnerabilities in web applications as well as ensure patching compliance and identify new vulnerabilities. Overall, HCL AppScan has emerged as a reliable solution for organizations looking to proactively address security concerns within their applications.

Reviews

6 Reviews

An Automated and Integrated Platform that provides a Holistic Visibility into the Security

Rating: 10 out of 10
Incentivized

Use Cases and Deployment Scope

HCL AppScan is an automated and integrated platform that provides a holistic visibility into the security posture of an application. It enables protection of business-critical applications from security threats, vulnerabilities, and compliance violations. It offers best protection in the market right now. HCL AppScan enables our organizations to secure our mobile and web apps by identifying vulnerabilities and flaws before they are deployed into production environment.

Pros

  • Easy to manage
  • Easy to use
  • Easy to connect to our CI/CD pipeline
  • Good documentation
  • Trustful assessment

Cons

  • Cost can be a factor
  • Troubleshooting is a bit difficult.
  • Sometimes take long time for scanning

Likelihood to Recommend

In HCL AppScan automation maintain a reasonable pace of review and remediation of flaws for our apps. HCL AppScan is a cloud-based enterprise mobile application security testing solution for Android and iOS applications developed using Java, .Net or Objective-C. So it covers all our area and It consists of three components: AppScan Source Edition for developing and testing apps internally, AppScan Standard Edition for testing internally or externally, and AppScan Enterprise Edition for large enterprises who need to secure their entire mobile application portfolio across the organization with multiple device types.

SG
Sanjana Gupta
Internet Marketing Manager in Marketing at PyramidX (11-50 employees)
Vetted Review
HCL AppScan
2 years of experience
View profile

HCL AppScan: Things you wished you know before.

Rating: 7 out of 10
Incentivized

Use Cases and Deployment Scope

This application helps to perform Dynamic Application Scan, in which the HCL AppScan dynamically navigates through the site and finds any vulnerabilities or fixes that can be done to prevent any future attack. The best thing about this application is the variety of configurations we can do depending on the scenario and the ping capacity.

Pros

  • Test the application
  • Explore the application for vulnerabilities
  • Runs automatic scans

Cons

  • It can have a FAQ session in the Application itself.
  • It can recommend the fix for the error that occurred during the scan.
  • Like its storing multiple manuals explore, It should have the capability of storing multiple logins.

Likelihood to Recommend

I would say that HCL AppScan is very simple to understand and use since it uses a user-friendly interface and the terminologies that are used in the interface of the application is very clear. We can automate a scan with any third party like Jenkins. The fact, I don't like is the time takes to execute the application, it should be better.

VU
Verified User
Engineer in Engineering (10,001+ employees)
Vetted Review
HCL AppScan
1 year of experience

A tool that can perform diagnostics according to the application specifications.

Rating: 8 out of 10
Incentivized

Use Cases and Deployment Scope

For years I have compared it with products from other companies and free products, but to be honest, the test patterns have become commoditized and I don't think there is a big difference in any product. In addition, the report can be shared with development members, leading to problem-solving.

Pros

  • Programming function.
  • Vulnerability diagnostic report.
  • I think it is convenient to be able to diagnose vulnerabilities regularly with the scheduling function.

Cons

  • The functions you want, the points that are difficult to understand.
  • Issues presented in the vulnerability diagnostic report may not be fully explained and not well understood.
  • You may think it is very basic and natural, "diagnose screen after login" "diagnose according to input transition ⇒ confirmation ⇒ completion" but to do all this, you need regular expressions, and macros, there are many products that require you to write scripts.

Likelihood to Recommend

Web applications these days have evolved too much and have become extremely complex. With AppScan, the configuration can be done through the GUI by using functions such as "login management" and "multi-step operation". To be honest, there are some parts of these functions that are difficult to understand, but I think we have to wait for more for the arrival of AI.

BR
Brandon R Hudson
Software Engineer in Information Technology at Digi International (501-1000 employees)
Vetted Review
HCL AppScan
3 years of experience
View profile

HCL AppScan insights

Rating: 7 out of 10
Incentivized

Use Cases and Deployment Scope

HCL AppScan provides mobile application scan with predefined templates integration with common code repositories supported Supports 13+ languages including C/C++, COBOL, ColdFusion, Java™ , Android, JSP, JavaScript, Perl, PHP, PL/SQL/T-SQL, C#, ASP.NET, and VB.NET on the other hand, it requires upfront planning for setup and configuration the recording of the application is crucial to have valuable test completion There is quite a complex list of supported browsers May be resource intensive which can cause long run-times for dynamic scans the application crashes sometimes

Pros

  • learns behavior of each application to test application-specific vulnerabilities
  • Provides mobile application scan with predefined templates

Cons

  • simplify the upfront planning for configuration
  • improves the resource management to prevent from crashes and timeout

Likelihood to Recommend

strengths : identifies Static and Dynamic Security vulnerabilities, has IDE plugins for ease of use like VS Plugin,

Eclipse Plugin, IntelliJ, etc

Challenges : support build of code files prior to scan, offers limited static analysis features for data identification and

runtime data tracking

FG
Franck Gafsou
Security Architect in Information Technology at AT (10,001+ employees)
Vetted Review
HCL AppScan
1 year of experience

HCL AppScan a reliable solution for all your application security needs

Rating: 8 out of 10
Incentivized

Use Cases and Deployment Scope

HCL AppScan (formerly from IBM) is an application security solution that helps my team to review security flaws and bugs in developing applications. HCL AppScan is a source code analysis tool usually known as Static Application Security Testing (SAST) Tool. The solution is well-engineered and is rated among the leaders in the market. It helped my team reduce errors and ensure we followed security best practices in our software development cycle.

Pros

  • Vulnerability reporting
  • Static code analysis
  • Remediation
  • DevSecOps

Cons

  • Reduce number of false poitives
  • Add automation tools to reduce manual effort
  • improve user experience
  • prepare dynamic dashboards

Likelihood to Recommend

HCL AppScan (formerly from IBM) is well suited for reducing security flaws in my team's secure code development. The software identifies a lot of issues automatically which helps us reduce delivery time and prevent security breaches. HCL AppScan (formerly from IBM) lacks innovation and automation functionalities, while other tools offer artificial intelligence-driven analysis that helps the team reduce time and money. Also, there is a need to reduce false-positives generated by the solution

VU
Verified User
Team Lead in Marketing (5001-10,000 employees)
Vetted Review
HCL AppScan
3 years of experience

AppScan helps up keep Web Apps in Compliance

Rating: 8 out of 10
Incentivized

Use Cases and Deployment Scope

We use IBM AppScan as part of our overall vulnerability management program. These assessments are in depth and use several tools, AppScan being the tool we use to look for application vulnerabilities in our Web applications.

We do a pre-production security assessment on all applications before they go live in our environment. In addition we do regularly repeated scans which primarily look for patching compliance and new vulnerabilities that may affect these applications.

Pros

  • AppScan works well in finding application vulnerabilities such as SQL injection, cross-site scripting and all of the OWASP top 10.
  • Flexible reporting allows us to generate executive reports for application owners as well as separate technical reports for developers and system engineers.
  • Technical reports include remediation information and cross reference CVSS scores
  • Because it maintains data on all repeated assessments it helps us to do trending and metrics on compliance

Cons

  • We have been asking IBM to upgrade the connectivity from scanner to database to use TLS 1.2. Currently uses TLS 1.0 which we are trying to completely deprecate from our environment.
  • We have been having some login issues with authenticated scans for applications that use federated login (Shibboleth) dur to re-directs and timeouts. For these systems we have to bypass the federation and login directly to the application.

Likelihood to Recommend

This application is well suited for all web applications with the primary difficulty being that is does not handle federated logins.

However since we have validated our federation and vetted it well it is not a critical issue to bypass federation for scanning a site, only an inconvenience as we have to setup bypass authentication and then remove so that is cannot be used by an attacker.

SS
Seth Shestack
Executive Director, Deputy CISO in Information Technology at Temple University (5001-10,000 employees)
Vetted Review
HCL AppScan
14 years of experience
View profile