Try our new research platform with insights from 80,000+ expert users

HCL AppScan pros and cons

Vendor: HCLSoftware

3.9 out of 5

43 reviews
83% willing to recommend

1,657 followers

Pros & Cons summary

HCL AppScan offers compliance templates, accurate vulnerability identification with severity levels, and supports static, dynamic, and QR code scanning. It integrates with SDLC, aiding developers with AI-powered remediation steps. However, it faces challenges like integration limitations, slow scans on large websites, false positives, and scalability issues. Performance enhancement for web application scanning is needed, along with improved CI/CD integration, security, reporting features, and better vulnerability detection through AI.

Buyer's Guide

Get pricing advice, tips, use cases and valuable features from real users of this product.

Prominent pros & cons

PROS

HCL AppScan provides comprehensive templates for compliance needs like PCI.

It allows simultaneous scanning of multiple websites, enhancing efficiency.

It facilitates the integration of security checks into the development process.

It offers advanced vulnerability identification with detailed remediation steps.

It has strong integration with the SDLC, especially during the coding phase.

CONS

HCL AppScan needs to improve its handling of false positives.

Security features should be enhanced in HCL AppScan.

Performance optimization is required for faster scanning in HCL AppScan.

HCL AppScan should improve its CI/CD integration capabilities.

Integrating HCL AppScan with other tools presents challenges.

HCL AppScan Pros review quotes

reviewer1428084

Principal Architect, Application Build Security. at a transportation company with 10,001+ employees

Jan 19, 2022

The HCL AppScan turnaround time for Burp Suite or any new feature request is pretty good, and that is why we are sticking with the HCL.

Read full review

Director Of Product Cyber Security at Honeywell International Inc.

Mar 21, 2018

For me, as a manager, it was the ease of use. Inserting security into the development process is not normally an easy project to do. The ability for the developer to actually use it and get results and focuses, that's what counted.

Read full review

Managing director at Accenture

Mar 20, 2018

It highlights, with several grades of severity, the types of vulnerabilities, so we can focus on the most severe security vulnerabilities in the code.

Read full review

Free Report: HCL AppScan Reviews and More

Learn what your peers think about HCL AppScan. Get advice and tips from experienced pros sharing their opinions. Updated: May 2025.

851,604 professionals have used our research since 2012.

CTO at Anzen

Mar 22, 2018

Usually when we deploy the application, there is a process for ethical hacking. The main benefit is that, the ethical hacking is almost clean, every time. So it's less cost, less effort, less time to production.

Read full review

Chief information with 5,001-10,000 employees

Mar 29, 2017

It comes with all of the templates that we need. For example, we are a company that is regulated by PCI. In order to be PCI compliant, we have a lot of checks and procedures to which we have to comply.

Read full review

CV

CRISTIANO VIEIRA SILVA

Mechanical maintenance technician at SAQ

Apr 19, 2024

The most valuable feature of HCL AppScan is its integration with the SDLC, particularly during the coding phase.

Read full review

reviewer1415661

General Manager at a consultancy with 51-200 employees

Nov 9, 2020

It identifies all the URLs and domains on its own and then performs tests and provides the results.

Read full review

Gladwin Christian

QA manager at SmartStream Technologies ltd.

Sep 29, 2023

The most valuable feature of the solution is the scanning or security part.

Read full review

reviewer1467588

Owner/ Consultant at a tech services company with 1-10 employees

Dec 7, 2020

There's extensive functionality with custom rules and a custom knowledge base.

Read full review

Software Engineer at Inspire for Solutions Development

Feb 6, 2023

The most valuable feature of the solution is Postman.

Read full review

Show 10 more reviews (out of 38)

HCL AppScan Cons review quotes

reviewer1428084

Principal Architect, Application Build Security. at a transportation company with 10,001+ employees

Jan 19, 2022

The dashboard, for AppScan or the Fortified fast tool, which we use needs to be improved.

Read full review

Director Of Product Cyber Security at Honeywell International Inc.

Mar 21, 2018

I think being able to search across more containers, especially some of the docker elements. We need a little tighter integration there. That's the only thing I can see at this point.

Read full review

CTO at Anzen

Mar 22, 2018

I would love to see more containers. Many of the tools are great, they require an amount of configuration, setup and infrastructure. If most the applications were in a container, I think everything would be a little bit faster, because all our clients are now using containers.

Read full review

Free Report: HCL AppScan Reviews and More

Learn what your peers think about HCL AppScan. Get advice and tips from experienced pros sharing their opinions. Updated: May 2025.

851,604 professionals have used our research since 2012.

Chief information with 5,001-10,000 employees

Mar 29, 2017

We would like to see a check in the specific vulnerabilities in mobile applications or rooted devices, such as jailbreaking devices.

Read full review

CV

CRISTIANO VIEIRA SILVA

Mechanical maintenance technician at SAQ

Apr 19, 2024

Improving usability could enhance the overall experience with AppScan. It would be beneficial to make the solution more user-friendly, ensuring that everyone can easily navigate and utilize its features.

Read full review

reviewer1415661

General Manager at a consultancy with 51-200 employees

Nov 9, 2020

One thing which I think can be improved is the CI/CD Integration

Read full review

Gladwin Christian

QA manager at SmartStream Technologies ltd.

Sep 29, 2023

The solution's scalability can be a matter of concern because one license runs on one machine only.

Read full review

reviewer1467588

Owner/ Consultant at a tech services company with 1-10 employees

Dec 7, 2020

The solution often has a high number of false positives. It's an aspect they really need to improve upon.

Read full review

Software Engineer at Inspire for Solutions Development

Feb 6, 2023

The databases for HCL are small and have room for improvement.

Read full review

MS

Associate Principal, Software Engineering at LTI - Larsen & Toubro Infotech

Nov 11, 2024

AppScan needs to improve its handling of false positives.

Read full review

Show 10 more reviews (out of 36)

Product Categories

Product Categories

Application Security Tools

Static Application Security Testing (SAST)

Dynamic Application Security Testing (DAST)

Popular Comparisons

Popular Comparisons

SonarQube Server (formerly SonarQube) vs HCL AppScan

GitLab vs HCL AppScan

Snyk vs HCL AppScan

Checkmarx One vs HCL AppScan

Veracode vs HCL AppScan

Coverity vs HCL AppScan

Mend.io vs HCL AppScan

OWASP Zap vs HCL AppScan

SonarQube Cloud (formerly SonarCloud) vs HCL AppScan

Fortify on Demand vs HCL AppScan

GitHub Advanced Security vs HCL AppScan

Sonatype Lifecycle vs HCL AppScan

Acunetix vs HCL AppScan

PortSwigger Burp Suite Professional vs HCL AppScan

Qualys Web Application Scanning vs HCL AppScan

See all alternatives

Product Categories

Product Categories

Application Security Tools

Static Application Security Testing (SAST)

Dynamic Application Security Testing (DAST)

Popular Comparisons

Popular Comparisons

SonarQube Server (formerly SonarQube) vs HCL AppScan

GitLab vs HCL AppScan

Snyk vs HCL AppScan

Checkmarx One vs HCL AppScan

Veracode vs HCL AppScan

Coverity vs HCL AppScan

Mend.io vs HCL AppScan

OWASP Zap vs HCL AppScan

SonarQube Cloud (formerly SonarCloud) vs HCL AppScan

Fortify on Demand vs HCL AppScan

GitHub Advanced Security vs HCL AppScan

Sonatype Lifecycle vs HCL AppScan

Acunetix vs HCL AppScan

PortSwigger Burp Suite Professional vs HCL AppScan

Qualys Web Application Scanning vs HCL AppScan

See all alternatives

Related questions

32

Difference between IBM Appscan and HP fortify software

17

Which solution do you prefer: Fortify WebInspect or HCL AppScan?

592

If you had to both encrypt and compress data during transmission, which would you do first and why?

30

When evaluating Application Security, what aspect do you think is the most important to look for?

90

What are the Top 5 cybersecurity trends in 2022?

110

What are the threats associated with using ‘bogus’ cybersecurity tools?

38

We're evaluating Tripwire, what else should we consider?

11

Which application security solutions include both vulnerability scans and quality checks?

1,370

Is SonarQube the best tool for static analysis?

20

Why Do I Need Application Security Software?