Try our new research platform with insights from 80,000+ expert users

HCL AppScan pros and cons

Vendor: HCLSoftware

3.8 out of 5

44 reviews
84% willing to recommend

Pros & Cons summary

HCL AppScan offers compliance templates, accurate vulnerability identification with severity levels, and supports static, dynamic, and QR code scanning. It integrates with SDLC, aiding developers with AI-powered remediation steps. However, it faces challenges like integration limitations, slow scans on large websites, false positives, and scalability issues. Performance enhancement for web application scanning is needed, along with improved CI/CD integration, security, reporting features, and better vulnerability detection through AI.

Buyer's Guide

Get pricing advice, tips, use cases and valuable features from real users of this product.

Prominent pros & cons

PROS

HCL AppScan provides comprehensive templates for compliance needs like PCI.

It allows simultaneous scanning of multiple websites, enhancing efficiency.

It facilitates the integration of security checks into the development process.

It offers advanced vulnerability identification with detailed remediation steps.

It has strong integration with the SDLC, especially during the coding phase.

CONS

HCL AppScan needs to improve its handling of false positives.

Security features should be enhanced in HCL AppScan.

Performance optimization is required for faster scanning in HCL AppScan.

HCL AppScan should improve its CI/CD integration capabilities.

Integrating HCL AppScan with other tools presents challenges.

HCL AppScan Pros review quotes

Security Consultant at a tech vendor with 501-1,000 employees

Aug 2, 2016

I prefer Appscan, as it much more user friendly, and it detects cross-site scripting and SQL injection issues much better than other tools in the market.

Read full review

Chief information with 5,001-10,000 employees

Mar 29, 2017

It comes with all of the templates that we need. For example, we are a company that is regulated by PCI. In order to be PCI compliant, we have a lot of checks and procedures to which we have to comply.

Read full review

Application Security Consultant at a financial services firm with 10,001+ employees

Mar 29, 2017

It is easy it is to use. It is quick to find things, because of the code scanning tools. It's quite simple to use and it is very good the way it reports the findings.

Read full review

Free Report: HCL AppScan Reviews and More

Learn what your peers think about HCL AppScan. Get advice and tips from experienced pros sharing their opinions. Updated: March 2026.

884,873 professionals have used our research since 2012.

PN

Security Consultant at a consultancy with 10,001+ employees

Dec 24, 2017

IBM AppScan has made our work easy, as we can do four to five scans of websites at a time, which saves time when it comes to vulnerability.

Read full review

Business Development Manager at a tech services company with 10,001+ employees

Mar 21, 2018

The static scans are good, and the SaaS as well.

Read full review

Director Of Product Cyber Security at a aerospace/defense firm with 10,001+ employees

Mar 21, 2018

For me, as a manager, it was the ease of use. Inserting security into the development process is not normally an easy project to do. The ability for the developer to actually use it and get results and focuses, that's what counted.

Read full review

Senior Security Specialist at a transportation company with 10,001+ employees

Mar 22, 2018

I like the recording feature.

Read full review

TH

Director For Security Products at a manufacturing company with 10,001+ employees

Mar 22, 2018

It has certainly helped us find vulnerabilities in our software, so this is priceless in the end.

Read full review

CTO at Anzen

Mar 22, 2018

Usually when we deploy the application, there is a process for ethical hacking. The main benefit is that, the ethical hacking is almost clean, every time. So it's less cost, less effort, less time to production.

Read full review

Senior Cloud Architect at a tech company with 1,001-5,000 employees

Mar 25, 2018

It provides a better integration for our ecosystem.

Read full review

Show 10 more reviews (out of 38)

HCL AppScan Cons review quotes

Security Consultant at a tech vendor with 501-1,000 employees

Aug 2, 2016

Better detection of DOM-based XSS Better remediation guidance using code examples and contexts

Read full review

Chief information with 5,001-10,000 employees

Mar 29, 2017

We would like to see a check in the specific vulnerabilities in mobile applications or rooted devices, such as jailbreaking devices.

Read full review

Application Security Consultant at a financial services firm with 10,001+ employees

Mar 29, 2017

We would like to integrate with some of the other reporting tools that we're planning to use in the future.

Read full review

Free Report: HCL AppScan Reviews and More

Learn what your peers think about HCL AppScan. Get advice and tips from experienced pros sharing their opinions. Updated: March 2026.

884,873 professionals have used our research since 2012.

PN

Security Consultant at a consultancy with 10,001+ employees

Dec 24, 2017

It has crashed at times.

Read full review

Business Development Manager at a tech services company with 10,001+ employees

Mar 21, 2018

There is not a central management for static and dynamic.

Read full review

Director Of Product Cyber Security at a aerospace/defense firm with 10,001+ employees

Mar 21, 2018

I think being able to search across more containers, especially some of the docker elements. We need a little tighter integration there. That's the only thing I can see at this point.

Read full review

Senior Security Specialist at a transportation company with 10,001+ employees

Mar 22, 2018

It's a little bit basic when you talk about the Web Services. If AppScan improved its maturity on Web Services testing, that would be good.

Read full review

TH

Director For Security Products at a manufacturing company with 10,001+ employees

Mar 22, 2018

IBM Security AppScan Source is rather hard to use.

Read full review

CTO at Anzen

Mar 22, 2018

I would love to see more containers. Many of the tools are great, they require an amount of configuration, setup and infrastructure. If most the applications were in a container, I think everything would be a little bit faster, because all our clients are now using containers.

Read full review

Senior Cloud Architect at a tech company with 1,001-5,000 employees

Mar 25, 2018

Visibility is an issue for us. Our partners do not know we have integrations with some of IBM products.

Read full review

Show 10 more reviews (out of 38)

Product Categories

Product Categories

Application Security Tools

Static Application Security Testing (SAST)

Dynamic Application Security Testing (DAST)

Popular Comparisons

Popular Comparisons

SonarQube vs HCL AppScan

Snyk vs HCL AppScan

Checkmarx One vs HCL AppScan

GitLab vs HCL AppScan

Veracode vs HCL AppScan

Coverity Static vs HCL AppScan

GitHub Advanced Security vs HCL AppScan

Acunetix vs HCL AppScan

Mend.io vs HCL AppScan

OpenText Core Application Security vs HCL AppScan

OWASP Zap vs HCL AppScan

Sonatype Lifecycle vs HCL AppScan

PortSwigger Burp Suite Professional vs HCL AppScan

Qualys Web Application Scanning vs HCL AppScan

Invicti vs HCL AppScan

See all alternatives

Product Categories

Product Categories

Application Security Tools

Static Application Security Testing (SAST)

Dynamic Application Security Testing (DAST)

Popular Comparisons

Popular Comparisons

SonarQube vs HCL AppScan

Snyk vs HCL AppScan

Checkmarx One vs HCL AppScan

GitLab vs HCL AppScan

Veracode vs HCL AppScan

Coverity Static vs HCL AppScan

GitHub Advanced Security vs HCL AppScan

Acunetix vs HCL AppScan

Mend.io vs HCL AppScan

OpenText Core Application Security vs HCL AppScan

OWASP Zap vs HCL AppScan

Sonatype Lifecycle vs HCL AppScan

PortSwigger Burp Suite Professional vs HCL AppScan

Qualys Web Application Scanning vs HCL AppScan

Invicti vs HCL AppScan

See all alternatives

Related questions

20

Difference between IBM Appscan and HP fortify software

16

Which solution do you prefer: Fortify WebInspect or HCL AppScan?

168

If you had to both encrypt and compress data during transmission, which would you do first and why?

80

When evaluating Application Security, what aspect do you think is the most important to look for?

179

What are the threats associated with using ‘bogus’ cybersecurity tools?

136

What are the Top 5 cybersecurity trends in 2022?

67

Which application security solutions include both vulnerability scans and quality checks?

87

We're evaluating Tripwire, what else should we consider?

334

Is SonarQube the best tool for static analysis?

72

Why Do I Need Application Security Software?