HCL AppScan and Veracode are competing tools in the security software market. Veracode often has the upper hand due to its superior features and customer service, despite HCL AppScan's more favorable pricing.
Features: HCL AppScan offers comprehensive security testing capabilities, integration with development tools, and effectiveness in identifying vulnerabilities. Veracode stands out with a robust cloud-based platform, detailed reporting features, and the ability to easily pinpoint issues.
Room for Improvement: HCL AppScan users suggest improved documentation, usability enhancements, and faster customer service responses. Veracode could improve its scan speed, integration flexibility, and deployment complexity.
Ease of Deployment and Customer Service: HCL AppScan is straightforward to deploy but has occasional lapses in customer service responsiveness. Veracode is praised for exceptional customer support, though its deployment process can be complex.
Pricing and ROI: HCL AppScan has an advantageous pricing structure and satisfactory ROI. Veracode is considered costlier, yet users believe its pricing is justified by the security benefits and comprehensive value offered.
The scanners of Veracode bring status of the weaknesses in the current infrastructure. It scans and provides reports regarding the servers, the network, and the applications running on those servers.
Regarding price, the evaluation should focus on how efficiently they will recover their investment, considering the time saved through the use of Veracode Fix, for example, and the ability to fix code at dev time compared to the problems faced when fixing after the product is already deployed.
Veracode provides excellent assistance and regularly scheduled calls to address customer concerns and updates.
They respond very quickly since security is something critical.
Now we always try to add this engineer to all of our tickets so that we can solve everything faster.
They are very responsive and quick to help with queries within our scope.
It has a good capacity to scale effectively.
Cloud solutions are easier to scale than on-premise solutions.
If the Veracode server is down, we experience many issues during the scan.
It's not that easy to onboard, but once they have been onboarded on the platform, and the pipeline configured alongside the product configured, it works effectively.
A nice addition would be if it could be extended for scenarios with custom cleansers.
We had issues with scanning large applications. Scanning took a lot of time, so we kept it outside the DevOps pipeline to avoid delaying deployments.
Another improvement that we asked for this use case is to be able to configure how Veracode Fix proposes and fixes because sometimes it makes proposals using libraries that go against our architecture design made by the enterprise architecture team.
Companies often choose based on budget constraints, with Veracode being on the higher end cost-wise.
It's not the most expensive solution.
If there's a security gap, you'll never know the cost or effect.
Pricing-wise, I find it a bit expensive because it's based on the number of users requesting access to Veracode.
AppScan's most valuable features include its ability to identify vulnerabilities accurately, provide detailed remediation steps, and the newly introduced AI-powered features that enhance its functionality further.
It sees everything, finds all versions, and gives us a list of all of the vulnerabilities and which versions have vulnerabilities.
It offers confidence by preventing exposure to vulnerabilities and helps ensure that we are not deploying vulnerable code into production.
It fixes issues directly in the IDE while you're doing it.
IBM Security AppScan enhances web application security and mobile application security, improves application security program management and strengthens regulatory compliance. By scanning your web and mobile applications prior to deployment, AppScan enables you to identify security vulnerabilities and generate reports and fix recommendations.
Veracode is a leading provider of application security solutions, offering tools to identify, mitigate, and prevent vulnerabilities across the software development lifecycle. Its cloud-based platform integrates security into DevOps workflows, helping organizations ensure that their code remains secure and compliant with industry standards.
Veracode supports multiple application security testing types, including static analysis (SAST), dynamic analysis (DAST), software composition analysis (SCA), and manual penetration testing. These tools are designed to help developers detect vulnerabilities early in development while maintaining speed in deployment. Veracode also emphasizes scalability, offering features for enterprises that manage a large number of applications across different teams. Its robust reporting and analytics capabilities allow organizations to continuously monitor their security posture and track progress toward remediation.
What are the key features of Veracode?
What benefits should users consider in Veracode reviews?
Veracode is widely adopted in industries like finance, healthcare, and government, where compliance and security are critical. It helps these organizations maintain strict security standards while enabling rapid development through its integration with Agile and DevOps methodologies.
Veracode helps businesses secure their applications efficiently, ensuring they can deliver safe and compliant software at scale.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
