Skip to main content
TrustRadius
HCL AppScan

HCL AppScan
Formerly from IBM

Overview

What is HCL AppScan?

AppScan (formerly Rational AppScan) is an application security testing solution acquired by HCL Technologies from IBM in late 2018. Appscan supports both dynamic (DAST) and static (SAST) application security testing.

Read more
Recent Reviews

TrustRadius Insights

HCL AppScan has been highly regarded by organizations seeking to secure their mobile and web applications. Users have found the tool …
Continue reading
Read all reviews
Return to navigation

Pricing

View all pricing
N/A
Unavailable

What is HCL AppScan?

AppScan (formerly Rational AppScan) is an application security testing solution acquired by HCL Technologies from IBM in late 2018. Appscan supports both dynamic (DAST) and static (SAST) application security testing.

Entry-level set up fee?

  • No setup fee

Offerings

  • Free Trial
  • Free/Freemium Version
  • Premium Consulting/Integration Services

Would you like us to let the vendor know that you want pricing?

82 people also want pricing

Alternatives Pricing

What is SonarQube?

SonarQube is a code quality and vulnerability solution for development teams that integrates with CI/CD pipelines to ensure the software you produce is secure, reliable, and maintainable.

What is Rapid7 AppSpider?

AppSpider, from Boston-based Rapid7, is an application security and testing offering based on technology acquired from NT OBJECTives (their similarly named software NTOSpider, acquired with the company during April, 2015).

Return to navigation

Product Demos

HCL AppScan: Issue Management Gateway Workflow Overview

YouTube

HCL AppScan Source V10: Scan a GoLang Application

YouTube

Bring Code to Scan into AppScan Source

YouTube

HCL AppScan Standard: Setting Up Your First Scan (v 10.0.0)

YouTube

Setting up HCL License Server for AppScan

YouTube

HCL AppScan on Cloud: Azure DevOps Plug-In Demo

YouTube
Return to navigation

Product Details

What is HCL AppScan?

HCL AppScan Video

Every decision counts in for our partner @ScuderiaFerrari. When you trust the quality and security of your software, you can be sure that you are planning efficiently and real-time decision making it takes to win races. #HCLAppScan #ScuderiaFerrari Read more about our partne...
 Show More

HCL AppScan Technical Details

Operating SystemsUnspecified
Mobile ApplicationNo
Return to navigation

Comparisons

View all alternatives
Return to navigation

Reviews and Ratings

(23)

Community Insights

TrustRadius Insights are summaries of user sentiment data from TrustRadius reviews and, when necessary, 3rd-party data sources. Have feedback on this content? Let us know!

HCL AppScan has been highly regarded by organizations seeking to secure their mobile and web applications. Users have found the tool invaluable for performing Dynamic Application Scans, enabling them to navigate through sites and identify potential vulnerabilities or fixes. The application offers a range of configurations, allowing users to customize their security measures based on their specific needs and capacity. This flexibility has made HCL AppScan a popular choice for conducting in-depth security assessments as part of vulnerability management programs. Users have compared HCL AppScan with other products and free alternatives, noting that the test patterns have become standardized across different solutions. The tool has not only helped teams reduce errors but also ensured adherence to security best practices throughout the software development cycle. Additionally, HCL AppScan provides holistic visibility into the security posture of applications, safeguarding them from threats, vulnerabilities, and compliance violations. Supporting a wide array of languages, this well-engineered source code analysis tool is highly regarded for its static application security testing capabilities. Users have found it easy to share reports generated by HCL AppScan with development members, facilitating collaboration and problem-solving. Furthermore, the tool has been used to pinpoint application vulnerabilities in web applications as well as ensure patching compliance and identify new vulnerabilities. Overall, HCL AppScan has emerged as a reliable solution for organizations looking to proactively address security concerns within their applications.

Users have made the following recommendations based on their experiences with HCL AppScan:

  1. Use IBM AppScan for comprehensive security testing. It provides a wide range of security testing capabilities, including SAST, DAST, Mobile app Security Testing, and IAST. IBM AppScan is suitable for mobile-based organizations and offers support for multiple programming languages. It can easily integrate with CI/CD pipelines, making it suitable for organizations adopting DevOps practices.

  2. Perform thorough testing to identify all vulnerabilities. While IBM AppScan is considered a great product, it may not identify all vulnerabilities. To ensure maximum effectiveness, users recommend conducting proper tests and utilizing specific use cases before moving into production.

  3. Benefit from IBM's expertise in software solutions. IBM is a leader in providing software solutions, and users believe that IBM AppScan is a prime example of their pioneering work. They recommend using IBM AppScan to identify security issues and vulnerabilities within applications. The comprehensive report generated by IBM AppScan helps in understanding and addressing these issues effectively.

In summary, users recommend using IBM AppScan for its wide range of security testing capabilities, suggest thorough testing to identify vulnerabilities, and highlight the benefits of IBM's expertise in software solutions.

Reviews

(1-3 of 3)
Companies can't remove reviews or game the system. Here's why
Sanjana Gupta | TrustRadius Reviewer
Score 10 out of 10
Vetted Review
Verified User
Incentivized
HCL AppScan is an automated and integrated platform that provides a holistic visibility into the security posture of an application. It enables protection of business-critical applications from security threats, vulnerabilities, and compliance violations. It offers best protection in the market right now. HCL AppScan enables our organizations to secure our mobile and web apps by identifying vulnerabilities and flaws before they are deployed into production environment.
  • Easy to manage
  • Easy to use
  • Easy to connect to our CI/CD pipeline
  • Good documentation
  • Trustful assessment
  • Cost can be a factor
  • Troubleshooting is a bit difficult.
  • Sometimes take long time for scanning
In HCL AppScan automation maintain a reasonable pace of review and remediation of flaws for our apps. HCL AppScan is a cloud-based enterprise mobile application security testing solution for Android and iOS applications developed using Java, .Net or Objective-C. So it covers all our area and It consists of three components: AppScan Source Edition for developing and testing apps internally, AppScan Standard Edition for testing internally or externally, and AppScan Enterprise Edition for large enterprises who need to secure their entire mobile application portfolio across the organization with multiple device types.
  • Easy to configure
  • Stable solution
  • Easy to set up
  • Scanning QR codes
  • Supports SAST, DAST, IAST and risk-management capabilities
  • Multiple Code Languages Supported
  • Fast and Accurate Application Security Testing
When we used Veracode, it takes a-lot of time to run a source code analysis. It's user interface is also bit clumsy. So we switched to HCL AppScan. It enables enterprises to scan internal and external applications for vulnerabilities. It provides quick and easy access to the most updated security guidelines by scanning applications against the OWASP Top 10 vulnerabilities.
Score 8 out of 10
Vetted Review
Verified User
Incentivized
HCL AppScan (formerly from IBM) is an application security solution that helps my team to review security flaws and bugs in developing applications. HCL AppScan is a source code analysis tool usually known as Static Application Security Testing (SAST) Tool. The solution is well-engineered and is rated among the leaders in the market. It helped my team reduce errors and ensure we followed security best practices in our software development cycle.
  • Vulnerability reporting
  • Static code analysis
  • Remediation
  • DevSecOps
  • Reduce number of false poitives
  • Add automation tools to reduce manual effort
  • improve user experience
  • prepare dynamic dashboards
HCL AppScan (formerly from IBM) is well suited for reducing security flaws in my team's secure code development. The software identifies a lot of issues automatically which helps us reduce delivery time and prevent security breaches. HCL AppScan (formerly from IBM) lacks innovation and automation functionalities, while other tools offer artificial intelligence-driven analysis that helps the team reduce time and money. Also, there is a need to reduce false-positives generated by the solution
  • DevSecOps
  • Static Code Analyzer
  • Application security reporting
  • Reduced manual effort by 20-30%
  • Integrate 3-4 security solutions with other tools in the system
  • prevent sql injection attacks in our business
Both solutions are decent, however, I had team members who had the experience working with HCL AppScan. Also, the product was priced nominally which suited our budget. Further, HCL AppScan's user community was bigger and many learning resources were freely available which helped junior peers learn quickly and eliminate any issues.
Score 8 out of 10
Vetted Review
Verified User
Incentivized
We use IBM AppScan as part of our overall vulnerability management program. These assessments are in depth and use several tools, AppScan being the tool we use to look for application vulnerabilities in our Web applications.
We do a pre-production security assessment on all applications before they go live in our environment. In addition we do regularly repeated scans which primarily look for patching compliance and new vulnerabilities that may affect these applications.
  • AppScan works well in finding application vulnerabilities such as SQL injection, cross-site scripting and all of the OWASP top 10.
  • Flexible reporting allows us to generate executive reports for application owners as well as separate technical reports for developers and system engineers.
  • Technical reports include remediation information and cross reference CVSS scores
  • Because it maintains data on all repeated assessments it helps us to do trending and metrics on compliance
  • We have been asking IBM to upgrade the connectivity from scanner to database to use TLS 1.2. Currently uses TLS 1.0 which we are trying to completely deprecate from our environment.
  • We have been having some login issues with authenticated scans for applications that use federated login (Shibboleth) dur to re-directs and timeouts. For these systems we have to bypass the federation and login directly to the application.
This application is well suited for all web applications with the primary difficulty being that is does not handle federated logins.
However since we have validated our federation and vetted it well it is not a critical issue to bypass federation for scanning a site, only an inconvenience as we have to setup bypass authentication and then remove so that is cannot be used by an attacker.
  • The positive impact is that it gives us a way to identify and remediate vulnerabilities in our web applications prior to being placed in production
We have been using AppScan for about 14 years (Before it was acquired by IBM). A few years ago we did an upgrade from the standard edition to the enterprise edition (to allow several users at once) in order to accommodate the growth of our team. Prior to this upgrade we looked at several other products and decided to stay with AppScan.

One of the major reasons was our familiarity with this product so that we could upgrade without the need to train our staff on a new product. All of these products were very close in comparison so we found no compelling reason to change.
Return to navigation