HCL AppScan (formerly from IBM) is well suited for reducing security flaws in my team's secure code development. The software identifies a lot of issues automatically which helps us reduce delivery time and prevent security breaches. HCL AppScan (formerly from IBM) lacks innovation and automation functionalities, while other tools offer artificial intelligence-driven analysis that helps the team reduce time and money. Also, there is a need to reduce false-positives generated by the solution

September 12, 2018

AppScan helps up keep Web Apps in Compliance

Seth Shestack

Executive Director, Deputy CISO

Temple University (Higher Education, 5001-10,000 employees)

Score 8 out of 10

Vetted Review

Verified User

Review Source

Likelihood to Recommend

This application is well suited for all web applications with the primary difficulty being that is does not handle federated logins.
However since we have validated our federation and vetted it well it is not a critical issue to bypass federation for scanning a site, only an inconvenience as we have to setup bypass authentication and then remove so that is cannot be used by an attacker.

HCL AppScan Scorecard Summary

Likelihood to Recommend (2): 80%
8.0

What is HCL AppScan?

AppScan (formerly Rational AppScan) is an application security testing solution acquired by HCL Technologies from IBM in late 2018. Appscan supports both dynamic (DAST) and static (SAST) application security testing.

HCL AppScan Pricing

More Pricing Information

HCL AppScan Technical Details

Operating Systems	Unspecified
Mobile Application	No

Frequently Asked Questions

What is HCL AppScan?

What are HCL AppScan's top competitors?

PortSwigger Burp Suite, Micro Focus Fortify on Demand, and Checkmarx are common alternatives for HCL AppScan.

Who uses HCL AppScan?

The most common users of HCL AppScan are from Mid-size Companies and the Information Technology & Services industry.