
Fortra Tripwire IP360 vs HCL AppScan comparison


Comparison Buyer's Guide


Categories and Ranking

Qualys TotalCloud (Sponsored)
Average Rating: 8.6
Reviews Sentiment: 7.3
Number of Reviews: 39
Ranking in other categories: Vulnerability Management (11th), Container Security (11th), Cloud Workload Protection Platforms (CWPP) (8th), Cloud Security Posture Management (CSPM) (8th), SaaS Security Posture Management (SSPM) (1st), Cloud-Native Application Protection Platforms (CNAPP) (6th)

Fortra Tripwire IP360
Average Rating: 7.0
Reviews Sentiment: 4.3
Number of Reviews: 6
Ranking in other categories: Vulnerability Management (59th)

HCL AppScan
Average Rating: 7.6
Reviews Sentiment: 5.9
Number of Reviews: 44
Ranking in other categories: Application Security Tools (21st), Static Application Security Testing (SAST) (16th), Dynamic Application Security Testing (DAST) (6th)
 

Mindshare comparison

Vulnerability Management Mindshare Distribution
Product | Mindshare (%)
Fortra Tripwire IP360 | 0.7%
Wiz | 4.5%
Qualys VMDR | 3.9%
Other | 90.9%

Application Security Tools Mindshare Distribution
Product | Mindshare (%)
HCL AppScan | 2.3%
SonarQube | 12.7%
Checkmarx One | 8.3%
Other | 76.7%
 

Featured Reviews

RO
IT Security Expert at Alior Bank S.A.
Unified risk scoring has improved our cloud visibility and simplifies remediation priorities
Qualys TotalCloud provides unified vulnerability and threat assessment across both IAS and SaaS. This solution provides a single prioritized view of risk, which helps reduce the work I would have to do. We are no longer based on CVSS; we are based on Qualys risk scoring, which is based on CVSS plus internal findings made by Qualys, and then assigns its own score. The TruRisk insight feature has found a small number of assets with high vulnerability scores, though I am cautious since some information is classified. Qualys TotalCloud has positively impacted our bank's performance, and we have definitely seen benefits after implementing this solution.
Corey Cole - PeerSpot reviewer
Service Coordinator - Technology Security at a government with 10,001+ employees
The solution helps users to manage their entire IP range, but it's unreliable and very expensive to maintain
Only the administrator was using the product. He used it to read reports as part of our compliance programs. It wasn't heavily used by a lot of users. The tool comes in at a large scale, and we tried to scale it down. The scaling did not apply to us. It was neither difficult nor easy. I rate the scalability a five out of ten. We had some challenges while scaling it down. It could do 10,000 devices, and we wanted to use it for ten devices. The process was difficult and expensive. We did not need the product anymore.
Ravi Khanchandani - PeerSpot reviewer
Founder Director at Techsa Services
Has improved identification of encryption and authentication issues across cloud and on-prem applications
During the learning curve of onboarding HCL AppScan, we learned that HCL has altered the portfolio and now offers HCL AppScan 360, which has a much better look and feel with an improved user interface. However, there is one feature called SCA, which stands for Software Composition Analysis, that could be improved. When I'm doing an application scan, HCL AppScan has the ability to generate information about what components are in use. For example, if I'm scanning a web application, it shows me the various components being used. It tells me whether I have Java libraries, .NET frameworks, or other log management libraries such as Log4j, and what versions of those specific components are present. I would like to see more detailed reports from the tool. Currently, you can find out the components belonging to a specific software, but if detailed reporting became available, you would be in a better position to identify vulnerabilities. For instance, I could identify that I had the Log4j vulnerability and know that I need to fix my application accordingly. If they add the features I'm describing, I would consider giving them a higher rating. However, I've only been experienced with the product for three months.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"The scalability is good as well. I would rate it ten out of ten."
"While automatic inventory detection upon connection is a helpful feature, a truly valuable capability would be assessing an environment's security posture against Azure and CIS best practices."
"Qualys TotalCloud fulfills all these needs."
"I appreciate TotalCloud's real-time protection and remediation features. The remediation options include automated one-click remedies and custom changes that help manage vulnerabilities efficiently."
"Vulnerability and threat detection and assessment of the criticality of the vulnerabilities exposed are most valuable."
"If I had to say something positive about the product that brings me the biggest benefit, I would say it has accurate reports, gets new update CVEs, zero-day attack detection, and is easy to manage with its GUI."
"I would recommend Qualys TotalCloud to other users because it is cost-efficient and has a good return on investment."
"The vulnerability management feature is the one I like the most because it provides a clear picture of all vulnerabilities."
"Tripwire is one of the most mature in terms of companies, suites, support, everything, much more than any other product."
"We could manage our entire IP range with the solution."
"It's become the pinnacle point for anything that enters the network or anything that's passing through to production to first be affected by IP360, hardened, and up to standard. For our integrity management, one was deployed in the bank about two years ago and that's still going to expand the usage and the product itself. That will go hand in hand with training and expanding the product as for where it's deployed."
"It has enhanced the security program by ensuring that all external-facing systems are scanned on a routine basis."
"The company probably chose this solution because they thought that they would be getting the best bang for their buck."
"This product detects vulnerabilities which exist in the environment, and provides enough information that allows for remediation, thereby securing the environment."
"Tripwire IP360 helps me to discover most of the vulnerabilities, and I like the way that it prioritizes these vulnerabilities, as it allows me to focus on the most important ones first and then follow up with the rest."
"Tripwire IP360 is a very stable solution."
"The solution is cheap."
"It is a stable solution...It is a scalable solution...The initial setup or installation of HCL AppScan is easy."
"The HCL AppScan performance is both stable and reliable."
"The UI was very intuitive."
"It provides a better integration for our ecosystem."
"The solution offers services in a few specific development languages."
"It identifies all the URLs and domains on its own and then performs tests and provides the results."
"AppScan's most valuable features include its ability to identify vulnerabilities accurately, provide detailed remediation steps, and the newly introduced AI-powered features that enhance its functionality further."
 

Cons

"We encountered challenges identifying the correct resource category for certain items, such as those in containers or storage."
"The cloud licensing unit system is unclear, especially since 'units' aren't well-defined."
"I think Qualys TotalCloud needs to improve its handling of zero-day vulnerabilities and supply chain management because modern ransomware attacks not only target prime critical infrastructures but also the supply chain system."
"The patching process with Qualys Patch Management, which is part of TotalCloud, does not cover installing certain prerequisites on the servers or workstations. This shortcoming means we must rely on SCCM when any service stack updates or additional prerequisites are needed."
"Some major banks and insurance companies require an on-premises solution for comprehensive vulnerability management, which TotalCloud does not offer."
"TotalCloud could improve its scanning of niche devices like Wi-Fi dongles and USB modems because they are often untested. It covers everything else, like laptops, mobile devices, and Bluetooth IoT devices. They can improve on the small IoT devices because hackers and testers use these."
"There is a lack of data segregation according to criticality or inventory."
"I would like the ability to disable certain default built-in policies as they can be misleading when creating dashboards. That is the top one."
"The reporting functions can use improvement."
"For IP360, unfortunately, scans for certain vulnerabilities often cause issues, as they are mainly false positives."
"I am not very impressed by the technical support."
"We would like to have better reporting capabilities and for them to be more granular."
"We need to dedicate time and resources to keep it running."
"If you are looking for better reporting capabilities and vulnerability tracking over time for remediation purposes, then this is not the best solution."
"The reporting functions can use improvement. There is room for growth because reporting functions differ a lot depending on what you're going to output. It depends on whether it's for technical or senior management and how it's interpreted. There could be growth within the reporting functionality side."
"There is room for improvement in the pricing model."
"It has crashed at times."
"It's a little bit basic when you talk about the Web Services. If AppScan improved its maturity on Web Services testing, that would be good."
"The pricing has room for improvement."
"The solution needs to improve in some areas. The tool needs to add more languages. It also needs to improve its speed."
"HCL AppScan needs to improve security."
"I would like to see the roadmap for this product. We are still waiting to see it as we have only so many resources."
"A desktop version should be added."
 

Pricing and Cost Advice

"TotalCloud's price is about right where I would expect it to be."
"Qualys TotalCloud offers cost-effective licensing flexibility."
"The cost is high, but it meets our organizational needs."
"Qualys TotalCloud is expensive."
"It isn't cheap, but it's reasonable. It helps us to manage things with very few resources."
"The pricing for TotalCloud is attractive and competitive in the market. Given the features, especially the dashboard, I have no concerns regarding pricing."
"While Qualys TotalCloud's pricing is currently acceptable, it is becoming increasingly expensive and may soon be considered overpriced."
"The pricing is comparable. It is built into our other product, so I cannot piecemeal it. It is a part of our subscription."
"The product was expensive for us."
"I believe the price compares well within the market."
"The price of HCL AppScan is okay, in my opinion. You just buy HCL AppScan and don't pay anything anymore, meaning it is just a one-time purchase."
"The product has premium pricing and could be more competitive."
"Pricing was the main reason that we went ahead with this solution as they were the lowest in the market."
"Our clients are willing to pay the extra money. It is expensive."
"With the features that they offer, and the support they offer, AppScan pricing is on a higher level."
"The price is very expensive."
"The product is moderately priced, though it's an investment due to extensive code analysis needs."
"HCL AppScan is expensive."
900,644 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews

Manufacturing Company: 18%
Financial Services Firm: 14%
Construction Company: 7%
Comms Service Provider: 7%

Manufacturing Company: 12%
Construction Company: 11%
Comms Service Provider: 10%
Financial Services Firm: 7%

Financial Services Firm: 11%
Manufacturing Company: 9%
Government: 9%
Computer Software Company: 8%
 

Company Size

By reviewers
Company Size | Count
Small Business | 10
Midsize Enterprise | 3
Large Enterprise | 29

By reviewers
Company Size | Count
Small Business | 2
Midsize Enterprise | 1
Large Enterprise | 4

By reviewers
Company Size | Count
Small Business | 14
Midsize Enterprise | 6
Large Enterprise | 31
 

Questions from the Community

What needs improvement with Qualys TotalCloud?
Areas that need improvement in every solution include the remediation part. The remediation steps should be simple en...
What is your primary use case for Qualys TotalCloud?
Our use case involves the assets that we have under cloud, the assets exposed to the internet, and the internal appli...
What needs improvement with HCL AppScan?
During the learning curve of onboarding HCL AppScan, we learned that HCL has altered the portfolio and now offers HCL...
What is your primary use case for HCL AppScan?
I'm currently working with BigFix and HCL AppScan. At least three people in my company are using HCL AppScan. Since w...
What is your experience regarding pricing and costs for HCL AppScan?
AppScan is considered more cost-effective than Veracode, although I have not updated the exact pricing details. Compa...
 

Also Known As

Qualys TotalCloud with FlexScan
IP360
IBM Security AppScan, Rational AppScan, AppScan
 


Sample Customers

Information Not Available
1. Aetna 2. Accenture 3. Adidas 4. AIG 5. Airbus 6. Akamai 7. Amazon 8. American Express 9. Aon 10. Apple 11. ATT 12. Autodesk 13. Bank of America 14. Barclays 15. Bayer 16. Bechtel 17. BlackRock 18. Boeing 19. BNP Paribas 20. Cisco 21. CocaCola 22. Comcast 23. Dell 24. Deutsche Bank 25. eBay 26. ExxonMobil 27. FedEx 28. Ford 29. General Electric 30. Google 31. HP 32. IBM
Essex Technology Group Inc., Cisco, West Virginia University, APIS IT
Find out what your peers are saying about Wiz, Tenable, Qualys and others in Vulnerability Management. Updated: June 2026.