HCL AppScan

HCL AppScan
Formerly from IBM

Score 8.4 out of 10
HCL AppScan


What is HCL AppScan?

AppScan (formerly Rational AppScan) is an application security testing solution acquired by HCL Technologies from IBM in late 2018. Appscan supports both dynamic (DAST) and static (SAST) application security testing.
Read more

Recent Reviews

Read all reviews

Reviewer Pros & Cons

View all pros & cons

Video Reviews

Leaving a video review helps other professionals like you evaluate products. Be the first one in your network to record a review of HCL AppScan, and make your voice heard!

Return to navigation


View all pricing

What is HCL AppScan?

AppScan (formerly Rational AppScan) is an application security testing solution acquired by HCL Technologies from IBM in late 2018. Appscan supports both dynamic (DAST) and static (SAST) application security testing.

Entry-level set up fee?

  • No setup fee


  • Free Trial
  • Free/Freemium Version
  • Premium Consulting / Integration Services

Would you like us to let the vendor know that you want pricing?

17 people want pricing too

Alternatives Pricing

What is SonarQube?

SonarQube (formerly Sonar) is an open source application security solution.

What is Indusface WAS?

Indusface Web Application Scanner provides an application security audit to detect a range of high-risk Vulnerabilities, Malware, and Critical CVEs.

Return to navigation

Product Details

What is HCL AppScan?

AppScan (formerly Rational AppScan) is an application security testing solution acquired by HCL Technologies from IBM in late 2018. Appscan supports both dynamic (DAST) and static (SAST) application security testing.

HCL AppScan Technical Details

Operating SystemsUnspecified
Mobile ApplicationNo
Return to navigation


View all alternatives
Return to navigation

Reviews and Ratings



(1-5 of 5)
Companies can't remove reviews or game the system. Here's why
Score 7 out of 10
Vetted Review
Verified User
This application helps to perform Dynamic Application Scan, in which the HCL AppScan dynamically navigates through the site and finds any vulnerabilities or fixes that can be done to prevent any future attack. The best thing about this application is the variety of configurations we can do depending on the scenario and the ping capacity.
  • Test the application
  • Explore the application for vulnerabilities
  • Runs automatic scans
  • It can have a FAQ session in the Application itself.
  • It can recommend the fix for the error that occurred during the scan.
  • Like its storing multiple manuals explore, It should have the capability of storing multiple logins.
I would say that HCL AppScan is very simple to understand and use since it uses a user-friendly interface and the terminologies that are used in the interface of the application is very clear. We can automate a scan with any third party like Jenkins. The fact, I don't like is the time takes to execute the application, it should be better.
  • Automate the scan
  • Instant and detailed report
  • The configurations in the application
  • The time takes to execute the scan.
  • Sometime it pings the DB much frequently that it may come down.
  • It does not sends any notification referring that the scan is completed.
Sanjana Gupta | TrustRadius Reviewer
Score 10 out of 10
Vetted Review
Verified User
HCL AppScan is an automated and integrated platform that provides a holistic visibility into the security posture of an application. It enables protection of business-critical applications from security threats, vulnerabilities, and compliance violations. It offers best protection in the market right now. HCL AppScan enables our organizations to secure our mobile and web apps by identifying vulnerabilities and flaws before they are deployed into production environment.
  • Easy to manage
  • Easy to use
  • Easy to connect to our CI/CD pipeline
  • Good documentation
  • Trustful assessment
  • Cost can be a factor
  • Troubleshooting is a bit difficult.
  • Sometimes take long time for scanning
In HCL AppScan automation maintain a reasonable pace of review and remediation of flaws for our apps. HCL AppScan is a cloud-based enterprise mobile application security testing solution for Android and iOS applications developed using Java, .Net or Objective-C. So it covers all our area and It consists of three components: AppScan Source Edition for developing and testing apps internally, AppScan Standard Edition for testing internally or externally, and AppScan Enterprise Edition for large enterprises who need to secure their entire mobile application portfolio across the organization with multiple device types.
  • Easy to configure
  • Stable solution
  • Easy to set up
  • Scanning QR codes
  • Supports SAST, DAST, IAST and risk-management capabilities
  • Multiple Code Languages Supported
  • Fast and Accurate Application Security Testing
When we used Veracode, it takes a-lot of time to run a source code analysis. It's user interface is also bit clumsy. So we switched to HCL AppScan. It enables enterprises to scan internal and external applications for vulnerabilities. It provides quick and easy access to the most updated security guidelines by scanning applications against the OWASP Top 10 vulnerabilities.
Brandon R Hudson | TrustRadius Reviewer
Score 8 out of 10
Vetted Review
Verified User
For years I have compared it with products from other companies and free products, but to be honest, the test patterns have become commoditized and I don't think there is a big difference in any product. In addition, the report can be shared with development members, leading to problem-solving.
  • Programming function.
  • Vulnerability diagnostic report.
  • I think it is convenient to be able to diagnose vulnerabilities regularly with the scheduling function.
  • The functions you want, the points that are difficult to understand.
  • Issues presented in the vulnerability diagnostic report may not be fully explained and not well understood.
  • You may think it is very basic and natural, "diagnose screen after login" "diagnose according to input transition ⇒ confirmation ⇒ completion" but to do all this, you need regular expressions, and macros, there are many products that require you to write scripts.
Web applications these days have evolved too much and have become extremely complex. With AppScan, the configuration can be done through the GUI by using functions such as "login management" and "multi-step operation". To be honest, there are some parts of these functions that are difficult to understand, but I think we have to wait for more for the arrival of AI.
  • It is beneficial in my opinion since there are answers and recommendations for the difficulties.
  • The advantage of AppScan is that it can diagnose according to application specifications.
  • Dynamic diagnostics is basically a test that guarantees quality by the number of test cases.
  • There are countless implementations to accomplish the same thing, and so many configurations are required.
  • Even if you test it finished and find no vulnerabilities, there is no point if you just get the error screen.
  • Until now, I was worried about vulnerabilities and security in software development, but I think it was good to find the vulnerability problem quickly with HCL AppScan.
November 07, 2021

HCL AppScan insights

Score 7 out of 10
Vetted Review
Verified User
HCL AppScan provides mobile application scan with predefined templates integration with common code repositories supported Supports 13+ languages including C/C++, COBOL, ColdFusion, Java™ , Android, JSP, JavaScript, Perl, PHP, PL/SQL/T-SQL, C#, ASP.NET, and VB.NET on the other hand, it requires upfront planning for setup and configuration the recording of the application is crucial to have valuable test completion There is quite a complex list of supported browsers May be resource intensive which can cause long run-times for dynamic scans the application crashes sometimes
  • learns behavior of each application to test application-specific vulnerabilities
  • Provides mobile application scan with predefined templates
  • simplify the upfront planning for configuration
  • improves the resource management to prevent from crashes and timeout
strengths : identifies Static and Dynamic Security vulnerabilities, has IDE plugins for ease of use like VS Plugin, Eclipse Plugin, IntelliJ, etc
Challenges : support build of code files prior to scan, offers limited static analysis features for data identification and runtime data tracking
  • provides enterprise dashboards to classify and prioritize application assets based on business impact to maximize remediation efforts
  • learns behavior of each application to test application-specific vulnerabilities
Score 8 out of 10
Vetted Review
Verified User
HCL AppScan (formerly from IBM) is an application security solution that helps my team to review security flaws and bugs in developing applications. HCL AppScan is a source code analysis tool usually known as Static Application Security Testing (SAST) Tool. The solution is well-engineered and is rated among the leaders in the market. It helped my team reduce errors and ensure we followed security best practices in our software development cycle.
  • Vulnerability reporting
  • Static code analysis
  • Remediation
  • DevSecOps
  • Reduce number of false poitives
  • Add automation tools to reduce manual effort
  • improve user experience
  • prepare dynamic dashboards
HCL AppScan (formerly from IBM) is well suited for reducing security flaws in my team's secure code development. The software identifies a lot of issues automatically which helps us reduce delivery time and prevent security breaches. HCL AppScan (formerly from IBM) lacks innovation and automation functionalities, while other tools offer artificial intelligence-driven analysis that helps the team reduce time and money. Also, there is a need to reduce false-positives generated by the solution
  • DevSecOps
  • Static Code Analyzer
  • Application security reporting
  • Reduced manual effort by 20-30%
  • Integrate 3-4 security solutions with other tools in the system
  • prevent sql injection attacks in our business
Both solutions are decent, however, I had team members who had the experience working with HCL AppScan. Also, the product was priced nominally which suited our budget. Further, HCL AppScan's user community was bigger and many learning resources were freely available which helped junior peers learn quickly and eliminate any issues.
Return to navigation