Fortra Tripwire IP360 vs HCL AppScan comparison

The compared Fortra and HCLSoftware solutions aren't in the same category. Fortra is ranked #59 in VM , and holds a 0.7% mindshare in the category. HCLSoftware is ranked #21 in AS , with an average rating of 7.5, and holds a 2.3% mindshare. Additionally, 60% of Fortra users are willing to recommend the solution, compared to 84% of HCLSoftware users who would recommend it.

Comparison Buyer's Guide

Download the report

Executive Summary

We performed a comparison between Fortra Tripwire IP360 and HCL AppScan based on real PeerSpot user reviews.

Find out what your peers are saying about Wiz, Tenable, Qualys and others in Vulnerability Management.

To learn more, read our detailed Vulnerability Management Report (Updated: June 2026).

Buyer's Guide

Vulnerability Management

June 2026

Download the complete report

Helped 900,644 peers since 2012

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Categories and Ranking

Qualys TotalCloud

Mindshare comparison

Vulnerability Management Mindshare Distribution
Product	Mindshare (%)
Fortra Tripwire IP360	0.7%
Wiz	4.5%
Qualys VMDR	3.9%
Other	90.9%

Vulnerability Management

Application Security Tools Mindshare Distribution
Product	Mindshare (%)
HCL AppScan	2.3%
SonarQube	12.7%
Checkmarx One	8.3%
Other	76.7%

Application Security Tools

Featured Reviews

Robert Orłowski

IT Security Expert at Alior Bank S.A.

Unified risk scoring has improved our cloud visibility and simplifies remediation priorities

Qualys TotalCloud provides unified vulnerability and threat assessment across both IAS and SaaS. This solution provides a single prioritized view of risk, which helps reduce the work I would have to do. We are no longer based on CVSS; we are based on Qualys risk scoring, which is based on CVSS plus internal findings made by Qualys, and then assigns its own score. The TruRisk insight feature has found a small number of assets with high vulnerability scores, though I am cautious since some information is classified. Qualys TotalCloud has positively impacted our bank's performance, and we have definitely seen benefits after implementing this solution.

Read full review

Corey Cole

Service Coordinator - Technology Security at a government with 10,001+ employees

The solution helps users to manage their entire IP range, but it's unreliable and very expensive to maintain

Only the administrator was using the product. He used it to read reports as part of our compliance programs. It wasn't heavily used by a lot of users. The tool comes in at a large scale, and we tried to scale it down. The scaling did not apply to us. It was neither difficult nor easy. I rate the scalability a five out of ten. We had some challenges while scaling it down. It could do 10,000 devices, and we wanted to use it for ten devices. The process was difficult and expensive. We did not need the product anymore.

Read full review

Ravi Khanchandani

Founder Director at Techsa Services

Has improved identification of encryption and authentication issues across cloud and on-prem applications

During the learning curve of onboarding HCL AppScan, we learned that HCL has altered the portfolio and now offers HCL AppScan 360, which has a much better look and feel with an improved user interface. However, there is one feature called SCA, which stands for Software Composition Analysis, that could be improved. When I'm doing an application scan, HCL AppScan has the ability to generate information about what components are in use. For example, if I'm scanning a web application, it shows me the various components being used. It tells me whether I have Java libraries, .NET frameworks, or other log management libraries such as Log4j, and what versions of those specific components are present. I would like to see more detailed reports from the tool. Currently, you can find out the components belonging to a specific software, but if detailed reporting became available, you would be in a better position to identify vulnerabilities. For instance, I could identify that I had the Log4j vulnerability and know that I need to fix my application accordingly. If they add the features I'm describing, I would consider giving them a higher rating. However, I've only been experienced with the product for three months.

Read full review

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Pros

"The most valuable feature is the consolidated information that it provides from various platforms."

"The best part I like is the on-demand scans."

"I highly recommend Qualys TotalCloud to other users."

"We were able to realize its benefits within 24 to 48 hours."

"By integrating TotalCloud, we have significantly reduced vulnerabilities in our deployment pipeline."

"I appreciate TotalCloud's real-time protection and remediation features. The remediation options include automated one-click remedies and custom changes that help manage vulnerabilities efficiently."

"In my opinion, this is the best tool."

"Qualys TotalCloud's most valuable features are its security capabilities that help identify and mitigate risk factors."

More Qualys TotalCloud pros

"The company probably chose this solution because they thought that they would be getting the best bang for their buck."

"It has enhanced the security program by ensuring that all external-facing systems are scanned on a routine basis."

"It's become the pinnacle point for anything that enters the network or anything that's passing through to production to first be affected by IP360, hardened, and up to standard. For our integrity management, one was deployed in the bank about two years ago and that's still going to expand the usage and the product itself. That will go hand in hand with training and expanding the product as for where it's deployed."

"We could manage our entire IP range with the solution."

"Tripwire is one of the most mature in terms of companies, suites, support, everything, much more than any other product."

"This product detects vulnerabilities which exist in the environment, and provides enough information that allows for remediation, thereby securing the environment."

"Tripwire IP360 helps me to discover most of the vulnerabilities, and I like the way that it prioritizes these vulnerabilities, as it allows me to focus on the most important ones first and then follow up with the rest."

"Tripwire IP360 is a very stable solution."

"The most valuable feature of HCL AppScan is its integration with the SDLC, particularly during the coding phase."

"Scalability, and it's a very powerful tool."

"It identifies all the URLs and domains on its own and then performs tests and provides the results."

"I prefer Appscan, as it much more user friendly, and it detects cross-site scripting and SQL injection issues much better than other tools in the market."

"You can easily find particular features and functions through the UI."

"The dynamic scan, the DAST tool, dynamic applications scanning and testing tool, is great."

"We catch them, we fix them, and we can offer a higher quality product to our clients."

"It's honestly one of the best products in the application security portfolio."

More HCL AppScan pros

Cons

"In a future release, I suggest that zero-day vulnerabilities should be predicted in advance using AI technologies. The system is not 100% secure yet, so proactive threat hunting could be enhanced to be more proactive than the current system."

"Qualys's ticketing system can be confusing when assigning tasks to individuals, and support could be improved by offering instant call solutions with engineers in addition to ticket replies."

"There is room for improvement in the support."

"A feature improvement could be the inclusion of Windows OS support for container security, as it is currently only supported for Linux."

"I think Qualys TotalCloud needs to improve its handling of zero-day vulnerabilities and supply chain management because modern ransomware attacks not only target prime critical infrastructures but also the supply chain system."

"Enhancing clarity regarding its compliance capabilities would be beneficial, as the current scope is limited in geographic coverage."

"Qualys TotalCloud has the potential to improve by integrating a hybrid platform for comprehensive management of both on-premises and cloud infrastructures."

"The patching process with Qualys Patch Management, which is part of TotalCloud, does not cover installing certain prerequisites on the servers or workstations. This shortcoming means we must rely on SCCM when any service stack updates or additional prerequisites are needed."

More Qualys TotalCloud cons

"I am not very impressed by the technical support."

"We need to dedicate time and resources to keep it running."

"We would like to have better reporting capabilities and for them to be more granular."

"The reporting functions can use improvement."

"For IP360, unfortunately, scans for certain vulnerabilities often cause issues, as they are mainly false positive."

"The reporting functions can use improvement. There is room for growth because reporting functions differ a lot depending on what you're going to output. It depends on whether it's for technical or senior management and how it's interpreted. There could be growth within the reporting functionality side."

"If you are looking for better reporting capabilities and vulnerability tracking over time for remediation purposes, then this is not the best solution."

"Unfortunately, there is a big discussion if it is very expensive to use it or not, and there are competitors."

"AppScan is too complicated and should be made more user-friendly."

"There is one feature called SCA, which stands for Software Composition Analysis, that could be improved."

"One thing which I think can be improved is the CI/CD Integration"

"Scans become slow on large websites."

"There are so many lines of code with so many different categories that I am likely to get lost. "

"The solution often has a high number of false positives. It's an aspect they really need to improve upon."

"The dashboard, for AppScan or the Fortified fast tool, which we use needs to be improved."

More HCL AppScan cons

Pricing and Cost Advice

"The pricing is comparable. It is built into our other product, so I cannot piecemeal it. It is a part of our subscription."

"While Qualys TotalCloud's pricing is currently acceptable, it is becoming increasingly expensive and may soon be considered overpriced."

"As a middle management member, I do not have direct pricing knowledge, but based on the knowledge from our meetings, its pricing is competitive."

"TotalCloud's price is about right where I would expect it to be."

"Its price seems higher compared to other tools, but it is worth it. If they could adjust the pricing and make it comparable with other tools, that would be great."

"The cost is high, but it meets our organizational needs."

"I am not sure about the pricing. From what I understand, it is a bit on the higher side, but I do not have the exact numbers."

"Qualys TotalCloud is expensive."

More Qualys TotalCloud pricing and cost advice

"I believe the price compares well within the market."

"The product was expensive for us."

"The solution is moderately priced."

"The price of HCL AppScan is okay, in my opinion. You just buy HCL AppScan and don't pay anything anymore, meaning it is just a one-time purchase."

"The tool was expensive."

"The product has premium pricing and could be more competitive."

"HCL AppScan is expensive."

"The solution is cheap."

"The product is moderately priced, though it's an investment due to extensive code analysis needs."

"AppScan is a little bit expensive. IBM needs to work a little bit on the pricing model, decreasing the license cost."

More HCL AppScan pricing and cost advice

See which vendors are best for you

Use our free recommendation engine to learn which Vulnerability Management solutions are best for your needs.

See recommendations

900,644 professionals have used our research since 2012.

Top Industries

By visitors reading reviews

Manufacturing Company

18%

Financial Services Firm

14%

Construction Company

Comms Service Provider

Manufacturing Company

12%

Construction Company

11%

Comms Service Provider

10%

Financial Services Firm

11%

Manufacturing Company

Government

Computer Software Company

Company Size

By reviewers

Large Enterprise

Midsize Enterprise

Small Business

By reviewers
Company Size	Count
Small Business	10
Midsize Enterprise	3
Large Enterprise	29

By reviewers
Company Size	Count
Small Business	2
Midsize Enterprise	1
Large Enterprise	4

By reviewers
Company Size	Count
Small Business	14
Midsize Enterprise	6
Large Enterprise	31

Questions from the Community

What is your experience regarding pricing and costs for Qualys TotalCloud?

The price is very expensive, actually.

See all answers

What needs improvement with Qualys TotalCloud?

Areas that need improvement in every solution include the remediation part. The remediation steps should be simple en...

See all answers

What is your primary use case for Qualys TotalCloud?

Our use case involves the assets that we have under cloud, the assets exposed to the internet, and the internal appli...

See all answers

Ask a question

Earn 20 points

What needs improvement with HCL AppScan?

During the learning curve of onboarding HCL AppScan, we learned that HCL has altered the portfolio and now offers HCL...

See all answers

What is your primary use case for HCL AppScan?

I'm currently working with BigFix and HCL AppScan. At least three people in my company are using HCL AppScan. Since w...

See all answers

What is your experience regarding pricing and costs for HCL AppScan?

AppScan is considered more cost-effective than Veracode, although I have not updated the exact pricing details. Compa...

See all answers

Comparisons

Wiz vs Qualys TotalCloud

Compared 12% of the time

Microsoft Defender for Cloud vs Qualys TotalCloud

Compared 8% of the time

Prisma Cloud by Palo Alto Networks vs Qualys TotalCloud

Compared 6% of the time

JupiterOne vs Qualys TotalCloud

Compared 5% of the time

Nucleus Security vs Qualys TotalCloud

Compared 5% of the time

More Qualys TotalCloud Competitors

Tenable Nessus vs Fortra Tripwire IP360

Compared 12% of the time

Tenable Security Center vs Fortra Tripwire IP360

Compared 9% of the time

Checkmarx One vs Fortra Tripwire IP360

Compared 9% of the time

IBM Guardium Vulnerability Assessment vs Fortra Tripwire IP360

Compared 6% of the time

More Fortra Tripwire IP360 Competitors

Veracode vs HCL AppScan

Compared 8% of the time

Checkmarx One vs HCL AppScan

Compared 7% of the time

PortSwigger Burp Suite Professional vs HCL AppScan

Compared 7% of the time

SonarQube vs HCL AppScan

Compared 6% of the time

Acunetix vs HCL AppScan

Compared 6% of the time

More HCL AppScan Competitors

Product Reports

Buyer's Guide

Qualys TotalCloud

June 2026

Download Qualys TotalCloud product report

Buyer's Guide

Fortra Tripwire IP360

June 2026

Download Fortra Tripwire IP360 product report

Buyer's Guide

HCL AppScan

June 2026

Download HCL AppScan product report

Also Known As

Qualys TotalCloud with FlexScan

IP360

IBM Security AppScan, Rational AppScan, AppScan

Overview

Qualys TotalCloud enhances security posture across cloud environments with continuous monitoring, vulnerability management, and risk visualization, ensuring efficient threat assessment and automated remediation for improved cyber risk reduction.

Qualys TotalCloud offers a robust suite of security tools essential for organizations managing multi-cloud infrastructures. By integrating cloud accounts and automating workflows, it supports AWS, Azure, and GCP, offering comprehensive vulnerability management and zero-day detection. The platform's user-friendly design, combined with its extensive risk management and unified threat assessment capabilities, enables organizations to prioritize and remediate vulnerabilities effectively. TruRisk Insights provides clear insights on cyber risks, while the automation options streamline patch management and scanning processes. API integration across IaaS and SaaS environments further enhances resource allocation efficiency and saves time, addressing misconfigurations across cloud environments.

What are the most important features of Qualys TotalCloud?

Accurate Vulnerability Reports: Delivers precise and actionable insights for risk mitigation.
Zero-Day Detection: Identifies and addresses zero-day vulnerabilities proactively.
Unified Threat Assessment: Offers comprehensive evaluation of threats across the environment.
Extensive Risk Management: Manages risks effectively with advanced insights and prioritization.
Continuous Monitoring: Provides non-stop surveillance for vulnerabilities and threats.
Cloud-Native Automation: Streamlines processes and reduces manual efforts using automation.
FlexScan for Internet-Facing VMs: Scans external VMs efficiently to detect vulnerabilities.
Dashboard Risk Visualization: Clear visualization helps prioritize vulnerabilities.

What benefits and ROI should users look for?

Improved Security Posture: Enhances threat detection and response across clouds.
Time Savings: Automation reduces time spent on manual vulnerability management.
Resource Efficiency: Better allocation of resources through streamlined workflows.
Enhanced Risk Prioritization: Focus on critical vulnerabilities for effective mitigation.
Integrated Cloud Accounts: Facilitates seamless cloud management and security.

Qualys TotalCloud is deployed in sectors needing rigorous vulnerability management, such as finance and healthcare. Companies utilize it to secure multi-cloud environments like AWS, Azure, and GCP, focus on compliance, and integrate security into CI/CD pipelines to detect and remedy threats pre-deployment.

Qualys

Tripwire IP360 is a powerful vulnerability management solution that identifies and prioritizes network vulnerabilities for remediation. It is highly effective in scanning devices and applications, improving security posture, ensuring compliance, and managing risks.

Users value its detailed reporting, user-friendly interface, and seamless integration with other security tools for efficient security management.

Fortra

HCL AppScan offers quick vulnerability detection with effective SDLC integration and is known for its user-friendly interface and seamless security integration.

HCL AppScan provides dynamic and static scanning to identify vulnerabilities like XSS and SQL injection. It integrates well into CI/CD pipelines, supports multiple languages, and offers web and dynamic scanning, helping businesses ensure security across development lifecycles. Users benefit from API coverage, Postman integration, and its ability to function in cloud and on-premise environments, facilitating a shift from DevOps to DevSecOps practices.

What features define HCL AppScan?

User-friendly interface: Simplifies navigation and usage.
Vulnerability detection: Quickly identifies issues like XSS and SQL injection.
Integration with SDLC: Seamlessly blends with development processes.
Dynamic scanning: Offers comprehensive security evaluations.
Multiple language support: Supports diverse programming environments.

What benefits should users consider?

Scalability: Adapts to growing needs and projects.
Low false-positive rates: Delivers accurate and reliable results.
Detailed reporting: Provides comprehensive vulnerability insights.
Effective integration: Enhances CI/CD pipeline security.

HCL AppScan is leveraged in sectors requiring rigorous security checks, such as finance and healthcare, where it conducts comprehensive scans and offers insights into potential vulnerabilities. Its robust scanning capabilities aid companies in maintaining compliance and security standards.

HCLSoftware

Sample Customers

Information Not Available

1. Aetna 2. Accenture 3. Adidas 4. AIG 5. Airbus 6. Akamai 7. Amazon 8. American Express 9. Aon 10. Apple 11. ATT 12. Autodesk 13. Bank of America 14. Barclays 15. Bayer 16. Bechtel 17. BlackRock 18. Boeing 19. BNP Paribas 20. Cisco 21. CocaCola 22. Comcast 23. Dell 24. Deutsche Bank 25. eBay 26. ExxonMobil 27. FedEx 28. Ford 29. General Electric 30. Google 31. HP 32. IBM

Essex Technology Group Inc., Cisco, West Virginia University, APIS IT

Buyer's Guide

Vulnerability Management

June 2026

Download Free Report

Find out what your peers are saying about Wiz, Tenable, Qualys and others in Vulnerability Management. Updated: June 2026.

DOWNLOAD NOW

900,644 professionals have used our research since 2012.

We monitor all Vulnerability Management reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.