Try our new research platform with insights from 80,000+ expert users

HCL AppScan vs OpenText Dynamic Application Security Testing vs Veracode comparison

The compared HCLSoftware and OpenText solutions aren't in the same category. HCLSoftware is ranked #15 in AS , with an average rating of 8.3, and holds a 2.7% mindshare in the category. OpenText is ranked #3 in DAST , with an average rating of 8.0, and holds a 18.1% mindshare. Additionally, 83% of HCLSoftware users are willing to recommend the solution, compared to 83% of OpenText users who would recommend it.
HCL AppScan
Read 43 HCL AppScan reviews
  • 4,632 Views
  • 3,381 Comparison Views
83% willing to recommend
OpenText Dynamic Applicatio...
Read 22 OpenText Dynamic Application Security Testing reviews
  • 3,484 Views
  • 906 Comparison Views
83% willing to recommend
Veracode
Read 202 Veracode reviews
  • 20,179 Views
  • 13,318 Comparison Views
89% willing to recommend
 

Comparison Buyer's Guide

Download the report
Executive Summary
We performed a comparison between HCL AppScan, OpenText Dynamic Application Security Testing, and Veracode based on real PeerSpot user reviews.

Find out what your peers are saying about Sonar, Veracode, Checkmarx and others in Application Security Tools.

DOWNLOAD THE COMPLETE REPORT
To learn more, read our detailed Application Security Tools Report (Updated: July 2025).
Buyer's Guide
Application Security Tools
July 2025
Download the complete report
Helped 864,574 peers since 2012

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Mindshare comparison

Application Security Tools
Dynamic Application Security Testing (DAST)
Application Security Tools
 

Featured Reviews

Sthembiso Zondi - PeerSpot reviewer
Has a straightforward setup process and valuable security features
We use AppScan primarily for security testing and performance monitoring across our systems The product's features for comprehensive code analysis (static) and live environment testing (dynamic) have significantly enhanced our ability to identify and address vulnerabilities, improving overall…
Read full review
Navin N - PeerSpot reviewer
Effective scanning of diverse file extensions with fast reporting and issue resolution
We develop software packages for clients, and these clients are mostly in the BFSI sector. The packages need to be scanned, and we engage Fortify WebInspect for this.  Customers typically perform their own application pen tests, but in some cases, we have engagements where customers want us to scan…
Read full review
Sajal Sharma - PeerSpot reviewer
Offers shift-left security strategy and helps us with the latest security configurations, OWASP standards, and SAST standards
It's robustness is the main benefit to the organization. As it gets upgraded with time, it also improves the coverage – security configuration coverages and vulnerability coverages. It also updates itself with the latest known vulnerabilities that are uploaded to the NVD, OWASP, or other databases. So it gets upgraded itself with that. And so with each upgrade, it gets better and better. The solution offers the ability to prevent vulnerable code from going into production. It provides us with a report containing multiple remediations and mitigations for each vulnerability. For example, if it finds a cross-site scripting vulnerability, it will also include references like CWE and CVE records, instructions on how to fix it, and the specific line of code or module where the vulnerability is present. This helps us fix the issues accordingly. I'm a penetration tester and DevSecOps engineer. I evaluate the findings, mark false positives, and manually exploit vulnerabilities if they exist. If we need further clarification, we raise a ticket with the Veracode team and get consultancy from them. We are a software development team. If we find a vulnerability, I exploit it and come back with the best possible mitigation, and the dev team fixes it. If we use Veracode Fix, it might use third-party implementations or make changes we aren't aware of. We need to be very aware of what our application is using internally. It should be known to us. As per my experience, the solution's policy reporting ensures compliance with industry standards. It comes with multiple features. I get the most out of it, and it's good. The solution provides visibility into application status at every phase of development. Like static analysis, dynamic analysis, software composition, and manual penetration tests - throughout the SDLC We have a pipeline that I maintain. I use the Veracode API account and have integrated it with AWS and our Jenkins pipeline. We use Snyk for SCA and Veracode for SAST scanning. At the earliest stage of the build, the SAST scan runs along with the JS and PHP files. It provides us with reports, which are then handed over to the other tools we depend on. If I validate the report or check the Veracode dashboard and find vulnerabilities, I mark them as false positives or existing issues. We work on multiple projects, but the one I'm handling these days only uses Veracode for SAST. It's been about one and a half years since I've been working with Veracode and this project. It is quite impressive. There are some things Veracode cannot find, like code obfuscations inside the code and some insecure randoms. Sometimes, it misses those flaws. But overall, if I compare it with other tools, it is better. I will definitely recommend others to use this tool. We run the scan before each deployment. If the dev team builds a new module or something, we scan it along with all the files. If we find anything, we get it fixed. That's how it works. Veracode is quite important to the organization's shift-left security strategy because we make a scan for each deployment. Sometimes, if I think we need to perform a shift-left, I just make a scan before deployment and check for any misconfiguration or vulnerability in the code.
Read full review

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"It's generally a very user-friendly tool. Anyone can easily learn how to scan"
"It was easy to set up."
"The solution is easy to use."
"The reporting part is the most valuable feature."
"Compared to other tools only AppScan supports special language."
"It identifies all the URLs and domains on its own and then performs tests and provides the results."
"It is easy it is to use. It is quick to find things, because of the code scanning tools. It's quite simple to use and it is very good the way it reports the findings."
"Usually when we deploy the application, there is a process for ethical hacking. The main benefit is that, the ethical hacking is almost clean, every time. So it's less cost, less effort, less time to production."
More HCL AppScan pros
"I've found the centralized dashboard the most valuable. For the management, it helps a lot to have abilities at the central level."
"The solution is easy to use."
"The transaction recorder within WebInspect is easy to use, which is valuable for our team."
"The solution is able to detect a wide range of vulnerabilities. It's better at it than other products."
"Guided Scan option allows us to easily scan and share reports."
"Fortify WebInspect is a scalable solution, it is good for a lot of applications."
"The most valuable feature of this solution is the ability to make our customers more secure."
"The user interface is ok and it is very simple to use."
More OpenText Dynamic Application Security Testing pros
"Veracode is a cloud-based platform, where they manage all the back-end, and they do a lot of analysis during the scans, and they do a lot of post-scan reconciliation."
"When we expanded our definition of critical systems to include an internal application to be scanned by Veracode, we had initial scans that produced hundreds of vulnerabilities. We expected this, based on how the code was treated previously, but the Veracode platform allowed us to streamline our identification of these items and develop a game plan to quickly address them."
"The installation was straightforward."
"The best feature is definitely the detailed reports. It provides code-related queries in the order of high, medium, and low depending on what we need to do. Veracode is user-friendly as well."
"I like Veracode's static analysis. It was one of the core development tools when I worked with a telecommunication company where we were delivering new features for various applications and purposes each week, such as CRM, data channels, compliance, traffic data, etc."
"Veracode is easy to use even if you're not a security professional. I like the dynamic analysis feature, which offers a lot of cost savings when used in production."
"The source composition analysis had very good reporting."
"I like its integration with GitHub. I like using it from GitHub. I can use the GitHub URL and find out the vulnerabilities."
More Veracode pros
 

Cons

"Improving usability could enhance the overall experience with AppScan. It would be beneficial to make the solution more user-friendly, ensuring that everyone can easily navigate and utilize its features."
"The penetration testing feature should be included."
"The databases for HCL are small and have room for improvement."
"The tool should improve its output. Scanning is not a challenge anymore since there are many such tools available in the market. The product needs to focus on how its output is being used by end users. It should be also more user-friendly. One of the major challenges is in the tool's integration with applications that need to be scanned. Sometimes, the scanning is not proper."
"The product has some technical limitations."
"They could incorporate AI to enhance vulnerability detection and improve the product's reporting capabilities."
"The dashboard, for AppScan or the Fortified fast tool, which we use needs to be improved."
"If HCL AppScan is able to alert the clients over email once the scan is complete, it would be great. Right now, HCL AppScan doesn't let me know if the scanning part is finished or not, because of which I have to come back and check mostly."
More HCL AppScan cons
"I would like WebInspect's scanning capability to be quicker."
"The installation could be a bit easier. Usually it's simple to use, but the installation is painful and a bit laborious and complex."
"The main area for improvement in Fortify WebInspect is the price, as it is too high compared to the market rate."
"Not sufficiently compatible with some of our systems."
"We have had a problem with authentification."
"Lately, we've seen more false negatives."
"It took us between eight and ten hours to scan an entire site, which is somewhat slow and something that I think can be improved."
"We have often encountered scanning errors."
More OpenText Dynamic Application Security Testing cons
"If the dynamic scan is improved, then the speed might go up. That is somehow not happening. We have raised this concern. It might also help if they could time limit scans to 24 hours instead of letting them go for three days. Then, whatever results could be shared, even if the scan is not complete, that would definitely help us."
"I would like Veracode to add more language support."
"It needs to reach the level of Checkmarx's and Fortify Software's capabilities and service levels, or may further loosen the market share."
"In some cases we use their APIs; they're not as rich as I would like."
"The scanning is a little slow, but other than that it's fine. It's usually when the binaries get up into the multi-hundred megabyte size."
"It would be nice if Veracode were bundled with some preferred vendors like Salesforce and offered at a discount."
"In the next release, I would like a proper way of packaging files for scanning and the packing of IOS apps and API Dynamic scan methodology."
"Veracode should make it easier to navigate between the solutions that they offer, i.e. between dynamic, static, and the source code analysis."
More Veracode cons
 

Pricing and Cost Advice

"I rate the product's price a seven on a scale of one to ten, where one is low, and ten is high. HCL AppScan is an expensive tool."
"The solution is moderately priced."
"The tool was expensive."
"AppScan is a little bit expensive. IBM needs to work a little bit on the pricing model, decreasing the license cost."
"The solution is cheap."
"The price of HCL AppScan is okay, in my opinion. You just buy HCL AppScan and don't pay anything anymore, meaning it is just a one-time purchase."
"HCL AppScan is expensive."
"I would rate the product's pricing a nine out of ten. The product's pricing is expensive compared to the features that they offer."
More HCL AppScan pricing and cost advice
"Fortify WebInspect is a very expensive product."
"Our licensing is such that you can only run one scan at a time, which is inconvenient."
"The pricing is not clear and while it is not high, it is difficult to understand."
"It’s a fair price for the solution."
"This solution is very expensive."
"Its price is almost similar to the price of AppScan. Both of them are very costly. Its price could be reduced because it can be very costly for unlimited IT scans, etc. I'm not sure, but it can go up to $40,000 to $50,000 or more than that."
"The price is okay."
"It's worth the value"
"I wouldn't really recommend Veracode for a small firm, because it might be a little pricey for them. But for a large organization, with more than 1,000 applications in the enterprise, there are tiered levels of pricing."
"No issues, the pricing seems reasonable."
"The pricing of the product depends upon the number of codes or the number of applications."
"Aside from the standard licensing fees, we also have to pay for a competent Success Manager."
"Veracode is a very expensive product."
"It is very reasonably priced compared to what we were paying our previous vendor. For the same price, we are getting much more value and reducing our AppSec costs from 40 to 50 percent."
"As compared to others, it is a costly solution. It is overpriced, and many organizations with a limited budget cannot afford it. That is why they are going for other tools, but those tools are not that effective. Veracode is better in terms of quality. If you want good service, you have to pay for it."
More Veracode pricing and cost advice
report
See which vendors are best for you
Use our free recommendation engine to learn which Application Security Tools solutions are best for your needs.
See recommendations
864,574 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Computer Software Company
17%
Financial Services Firm
13%
Government
10%
Manufacturing Company
10%
Financial Services Firm
15%
Government
15%
Manufacturing Company
13%
Computer Software Company
10%
Financial Services Firm
16%
Computer Software Company
16%
Manufacturing Company
8%
Insurance Company
6%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
 

Questions from the Community

What do you like most about HCL AppScan?
The most valuable feature of HCL AppScan is its integration with the SDLC, particularly during the coding phase.
See all answers
What needs improvement with HCL AppScan?
AppScan needs to improve its handling of false positives. It also requires enhancements in customer support, similar ...
See all answers
What is your primary use case for HCL AppScan?
The primary use case for AppScan is for security purposes. I compare AppScan with other tools such as Veracode. We us...
See all answers
What do you like most about Fortify WebInspect?
The solution's technical support was very helpful.
See all answers
What is your experience regarding pricing and costs for Fortify WebInspect?
The price of Fortify WebInspect is high, with the cost depending on the number of virtual users. It is approximately ...
See all answers
What needs improvement with Fortify WebInspect?
The main area for improvement in Fortify WebInspect is the price, as it is too high compared to the market rate. The ...
See all answers
Which gives you more for your money - SonarQube or Veracode?
SonarQube is easy to deploy and configure, and also integrates well with other tools to do quality code analysis. Son...
See all answers
What do you like most about Veracode?
The SAST and DAST modules are great.
See all answers
What is your experience regarding pricing and costs for Veracode?
The product’s price is a bit higher compared to other solutions. However, the tool provides good vulnerability and da...
See all answers
 

Comparisons

Acunetix vs HCL AppScan Logo
Acunetix vs HCL AppScan
Compared 13% of the time
SonarQube Server (formerly SonarQube) vs HCL AppScan Logo
SonarQube Server (formerly SonarQube) vs HCL AppScan
Compared 12% of the time
OWASP Zap vs HCL AppScan Logo
OWASP Zap vs HCL AppScan
Compared 8% of the time
OpenText Core Application Security vs HCL AppScan Logo
OpenText Core Application Security vs HCL AppScan
Compared 7% of the time
GitHub Code Scanning vs HCL AppScan Logo
GitHub Code Scanning vs HCL AppScan
Compared 3% of the time
More HCL AppScan Competitors
PortSwigger Burp Suite Professional vs OpenText Dynamic Application Security Testing Logo
PortSwigger Burp Suite Professional vs OpenText Dynamic Application Security Testing
Compared 18% of the time
OWASP Zap vs OpenText Dynamic Application Security Testing Logo
OWASP Zap vs OpenText Dynamic Application Security Testing
Compared 11% of the time
Qualys Web Application Scanning vs OpenText Dynamic Application Security Testing Logo
Qualys Web Application Scanning vs OpenText Dynamic Application Security Testing
Compared 8% of the time
Acunetix vs OpenText Dynamic Application Security Testing Logo
Acunetix vs OpenText Dynamic Application Security Testing
Compared 8% of the time
Invicti vs OpenText Dynamic Application Security Testing Logo
Invicti vs OpenText Dynamic Application Security Testing
Compared 5% of the time
More OpenText Dynamic Application Security Testing Competitors
SonarQube Server (formerly SonarQube) vs Veracode Logo
SonarQube Server (formerly SonarQube) vs Veracode
Compared 17% of the time
Checkmarx One vs Veracode Logo
Checkmarx One vs Veracode
Compared 10% of the time
GitHub Advanced Security vs Veracode Logo
GitHub Advanced Security vs Veracode
Compared 7% of the time
OpenText Core Application Security vs Veracode Logo
OpenText Core Application Security vs Veracode
Compared 4% of the time
SonarQube Cloud (formerly SonarCloud) vs Veracode Logo
SonarQube Cloud (formerly SonarCloud) vs Veracode
Compared 3% of the time
More Veracode Competitors
 

Product Reports

Buyer's Guide
HCL AppScan
July 2025
HCL AppScan reportDownload HCL AppScan product report
Buyer's Guide
OpenText Dynamic Application Security Testing
July 2025
OpenText Dynamic Application Security Testing reportDownload OpenText Dynamic Application Security Testing product report
Buyer's Guide
Veracode
July 2025
Veracode reportDownload Veracode product report
 

Also Known As

IBM Security AppScan, Rational AppScan, AppScan
Micro Focus WebInspect, WebInspect
Crashtest Security , Veracode Detect
 

Overview

IBM Security AppScan enhances web application security and mobile application security, improves application security program management and strengthens regulatory compliance. By scanning your web and mobile applications prior to deployment, AppScan enables you to identify security vulnerabilities and generate reports and fix recommendations.

HCLSoftware

OpenText Dynamic Application Security Testing offers robust scalability, ease of use, and high accuracy in scanning, making it a valuable tool for enterprises.

This security testing platform is known for its centralized dashboard, guided scans, and comprehensive reporting. It integrates seamlessly with tools like Fortify code scanner and supports extensive vulnerability detection and analysis, enhancing efficiency in security management. Despite its strengths, users suggest improvements in cloud integration, cost-effectiveness, and installation processes. Faster scans, reduced false positives, and improved mobile testing features are also desired.

What are the key features of OpenText Dynamic Application Security Testing?
  • Scalability: Easily adapts to changing enterprise needs.
  • Ease of Use: User-friendly interface with guided scans.
  • Comprehensive Reporting: Detailed vulnerability analysis and reporting.
  • Integration Capabilities: Works with Fortify code scanner and user authentication scanning.
  • Wide Vulnerability Detection: Identifies extensive security vulnerabilities.
What benefits should users expect from reviews?
  • Efficient Vulnerability Management: Streamlines security management in development environments.
  • Detailed Analysis: Provides in-depth insights into security issues.
  • Quick Setup: Easy to deploy within existing systems.
  • Enterprise Preference: Supports enterprise environments efficiently.

In industries like BFSI, OpenText Dynamic Application Security Testing is employed for performance network application testing, dynamic and static application security testing, and code checks. Security and QA teams use it in development processes to ensure application security prior to release, proving integral in both enterprise and testing environments.

OpenText

Veracode is a leading provider of application security solutions, offering tools to identify, mitigate, and prevent vulnerabilities across the software development lifecycle. Its cloud-based platform integrates security into DevOps workflows, helping organizations ensure that their code remains secure and compliant with industry standards.

Veracode supports multiple application security testing types, including static analysis (SAST), dynamic analysis (DAST), software composition analysis (SCA), and manual penetration testing. These tools are designed to help developers detect vulnerabilities early in development while maintaining speed in deployment. Veracode also emphasizes scalability, offering features for enterprises that manage a large number of applications across different teams. Its robust reporting and analytics capabilities allow organizations to continuously monitor their security posture and track progress toward remediation.

What are the key features of Veracode?

  • Static Analysis (SAST) - Scans source code for vulnerabilities before deployment.
  • Dynamic Analysis (DAST) - Examines applications in a running state to detect flaws in real-time.
  • Software Composition Analysis (SCA) - Identifies risks in open-source libraries and third-party components.
  • Manual Penetration Testing - Offers expert analysis for more complex vulnerabilities.
  • Integrations with DevOps tools - Seamlessly integrates with CI/CD pipelines for automated security checks.

What benefits should users consider in Veracode reviews?

  • Early detection of vulnerabilities - Helps developers fix security issues early in the development process.
  • Scalability - Supports organizations with large-scale application portfolios.
  • Compliance support - Ensures applications meet various security standards and regulations.
  • Developer training - Provides tools for educating developers on secure coding practices.
  • Comprehensive reporting - Offers detailed reports that track remediation and risk trends.

Veracode is widely adopted in industries like finance, healthcare, and government, where compliance and security are critical. It helps these organizations maintain strict security standards while enabling rapid development through its integration with Agile and DevOps methodologies.


Veracode helps businesses secure their applications efficiently, ensuring they can deliver safe and compliant software at scale.

Veracode
 

Sample Customers

Essex Technology Group Inc., Cisco, West Virginia University, APIS IT
Aaron's
Manhattan Associates, Azalea Health, Sabre, QAD, Floor & Decor, Prophecy International, SchoolCNXT, Keap, Rekner, Cox Automotive, Automation Anywhere, State of Missouri and others.
Buyer's Guide
Application Security Tools
July 2025
Download Free Report
Find out what your peers are saying about Sonar, Veracode, Checkmarx and others in Application Security Tools. Updated: July 2025.
DOWNLOAD NOW
864,574 professionals have used our research since 2012.