Overview
What is HCL AppScan?
AppScan (formerly Rational AppScan) is an application security testing solution acquired by HCL Technologies from IBM in late 2018. AppScan supports both dynamic (DAST) and static (SAST) application security testing.
HCL AppScan: Things you wished you know before.
An Automated and Integrated Platform that provides a Holistic Visibility into the Security
A tool that can perform diagnostics according to the application specifications.
HCL AppScan insights
HCL AppScan a reliable solution for all your application security needs
AppScan helps up keep Web Apps in Compliance
Pricing
Entry-level set up fee?
- No setup fee
Offerings
- Free Trial
- Free/Freemium Version
- Premium Consulting/Integration Services
Alternatives Pricing
What is SonarQube?
SonarQube is a code quality and vulnerability solution for development teams that integrates with CI/CD pipelines to ensure the software you produce is secure, reliable, and maintainable.
What is Rapid7 AppSpider?
AppSpider, from Boston-based Rapid7, is an application security and testing offering based on technology acquired from NT OBJECTives (their similarly named software NTOSpider, acquired with the company in April 2015).
Product Demos
HCL AppScan: Issue Management Gateway Workflow Overview
HCL AppScan Source V10: Scan a GoLang Application
Bring Code to Scan into AppScan Source
HCL AppScan Standard: Setting Up Your First Scan (v 10.0.0)
Setting up HCL License Server for AppScan
HCL AppScan on Cloud: Azure DevOps Plug-In Demo
Product Details
HCL AppScan Technical Details
| Attribute | Value |
|---|---|
| Operating Systems | Unspecified |
| Mobile Application | No |
Reviews and Ratings (23)
Community Insights
HCL AppScan has been highly regarded by organizations seeking to secure their mobile and web applications. Users have found the tool invaluable for performing Dynamic Application Scans, enabling them to navigate through sites and identify potential vulnerabilities or fixes. The application offers a range of configurations, allowing users to customize their security measures based on their specific needs and capacity. This flexibility has made HCL AppScan a popular choice for conducting in-depth security assessments as part of vulnerability management programs. Users have compared HCL AppScan with other products and free alternatives, noting that the test patterns have become standardized across different solutions. The tool has not only helped teams reduce errors but also ensured adherence to security best practices throughout the software development cycle. Additionally, HCL AppScan provides holistic visibility into the security posture of applications, safeguarding them from threats, vulnerabilities, and compliance violations. Supporting a wide array of languages, this well-engineered source code analysis tool is highly regarded for its static application security testing capabilities. Users have found it easy to share reports generated by HCL AppScan with development members, facilitating collaboration and problem-solving. Furthermore, the tool has been used to pinpoint application vulnerabilities in web applications as well as ensure patching compliance and identify new vulnerabilities. Overall, HCL AppScan has emerged as a reliable solution for organizations looking to proactively address security concerns within their applications.
Users have made the following recommendations based on their experiences with HCL AppScan:
- Use IBM AppScan for comprehensive security testing. It provides a wide range of security testing capabilities, including SAST, DAST, Mobile app Security Testing, and IAST. IBM AppScan is suitable for mobile-based organizations and offers support for multiple programming languages. It can easily integrate with CI/CD pipelines, making it suitable for organizations adopting DevOps practices.
- Perform thorough testing to identify all vulnerabilities. While IBM AppScan is considered a great product, it may not identify all vulnerabilities. To ensure maximum effectiveness, users recommend conducting proper tests and utilizing specific use cases before moving into production.
- Benefit from IBM's expertise in software solutions. IBM is a leader in providing software solutions, and users believe that IBM AppScan is a prime example of their pioneering work. They recommend using IBM AppScan to identify security issues and vulnerabilities within applications. The comprehensive report generated by IBM AppScan helps in understanding and addressing these issues effectively.
In summary, users recommend using IBM AppScan for its wide range of security testing capabilities, suggest thorough testing to identify vulnerabilities, and highlight the benefits of IBM's expertise in software solutions.
Reviews
(1-5 of 5)
HCL AppScan: Things you wished you know before.
- Test the application
- Explore the application for vulnerabilities
- Runs automatic scans
- It can have a FAQ session in the Application itself.
- It can recommend the fix for the error that occurred during the scan.
- Like it stores multiple manual explores, it should have the capability of storing multiple logins.
- Automate the scan
- Instant and detailed report
- The configurations in the application
- The time it takes to execute the scan.
- Sometimes it pings the DB so frequently that it may come down.
- It does not send any notification that the scan is completed.
An Automated and Integrated Platform that provides a Holistic Visibility into the Security
- Easy to manage
- Easy to use
- Easy to connect to our CI/CD pipeline
- Good documentation
- Trustful assessment
- Cost can be a factor
- Troubleshooting is a bit difficult.
- Sometimes take long time for scanning
- Easy to configure
- Stable solution
- Easy to set up
- Scanning QR codes
- Supports SAST, DAST, IAST and risk-management capabilities
- Multiple Code Languages Supported
- Fast and Accurate Application Security Testing
- Programming function.
- Vulnerability diagnostic report.
- I think it is convenient to be able to diagnose vulnerabilities regularly with the scheduling function.
- The functions you want, the points that are difficult to understand.
- Issues presented in the vulnerability diagnostic report may not be fully explained and not well understood.
- You may think it is very basic and natural, "diagnose screen after login" "diagnose according to input transition ⇒ confirmation ⇒ completion" but to do all this, you need regular expressions, and macros, there are many products that require you to write scripts.
- It is beneficial in my opinion since there are answers and recommendations for the difficulties.
- The advantage of AppScan is that it can diagnose according to application specifications.
- Dynamic diagnostics is basically a test that guarantees quality by the number of test cases.
- There are countless implementations to accomplish the same thing, and so many configurations are required.
- Even if you test it finished and find no vulnerabilities, there is no point if you just get the error screen.
- Until now, I was worried about vulnerabilities and security in software development, but I think it was good to find the vulnerability problem quickly with HCL AppScan.
HCL AppScan insights
- learns behavior of each application to test application-specific vulnerabilities
- Provides mobile application scan with predefined templates
- simplify the upfront planning for configuration
- improves the resource management to prevent from crashes and timeout
Challenges: support build of code files prior to scan, offers limited static analysis features for data identification and runtime data tracking
- provides enterprise dashboards to classify and prioritize application assets based on business impact to maximize remediation efforts
- learns behavior of each application to test application-specific vulnerabilities
- Vulnerability reporting
- Static code analysis
- Remediation
- DevSecOps
- Reduce number of false positives
- Add automation tools to reduce manual effort
- improve user experience
- prepare dynamic dashboards
- DevSecOps
- Static Code Analyzer
- Application security reporting
- Reduced manual effort by 20-30%
- Integrate 3-4 security solutions with other tools in the system
- prevent SQL injection attacks in our business
- Synopsys Coverity Static Application Security Testing (SAST)