We performed a comparison between HCL AppScan, Ixia BreakingPoint, and Veracode based on real PeerSpot user reviews.
"There's extensive functionality with custom rules and a custom knowledge base."
"The security and the dashboard are the most valuable features."
"The HCL AppScan turnaround time for Burp Suite or any new feature request is pretty good, and that is why we are sticking with the HCL."
"The UI was very intuitive."
"The most valuable feature of HCL AppScan is its integration with the SDLC, particularly during the coding phase."
"Technical support is helpful."
"I like the recording feature."
"The solution is easy to install. I would rate the product's setup between six and seven out of ten. The deployment time depends on the applications that need to be scanned. We have a development and operations team to take care of the product's maintenance."
"There is a virtual version of the product which is scaled to 100s of virtual testing blades."
"It is a scalable solution."
"We use Ixia BreakingPoint for Layer 7 traffic generation. That's what we like."
"The solution has many protocols and options, making it very flexible."
"I like that we can test cloud applications."
"The most valuable feature of Ixia BreakingPoint is the ransomware and malware database for simulated attacks."
"The DDoS testing module is useful and quick to use."
"I like the sandbox, the ability to upload compiled code, and how easy it is."
"It's helping us with security and making sure that we develop faster. It's able to scan every vulnerability. It's very powerful software that one can use to make sure that you have a very good, secure platform."
"It has almost completely eliminated the presence of SQLi vulnerabilities."
"The Veracode support team is excellent."
"We used it for performing security checks. We have many Java applications and Android applications. Essentially it was used for checking the security validations for compliance purposes."
"It is SaaS hosted. That makes it very convenient to use. There is no initial time needed to set up an application. Scanning is a matter of minutes. You just log in, create an application profile, associate a security configuration, and that's about it. It takes 10 minutes to start. The lack of initial lead time or initial overhead to get going is the primary advantage."
"The article scanning is excellent."
"To me, the principal feature is the CLI (command-line interface) because I put together a lot of implementations using it. Another important aspect is the low false-positive rate because the solution is very configurable. It is as low as 1 percent and that is a huge difference compared to competitors."
"The tool should improve its output. Scanning is not a challenge anymore since there are many such tools available in the market. The product needs to focus on how its output is being used by end users. It should also be more user-friendly. One of the major challenges is in the tool's integration with applications that need to be scanned. Sometimes, the scanning is not proper."
"They should have a better UI for dashboards."
"The solution often has a high number of false positives. It's an aspect they really need to improve upon."
"The databases for HCL are small and have room for improvement."
"They could add a software component analysis tool."
"We have experienced challenges when trying to integrate this solution with other products. When you compare it with the other SecOps products, the quality of the output is too low. It is not a new-age product. It is very outdated."
"The solution's scalability can be a matter of concern because one license runs on one machine only."
"I would love to see more containers. Many of the tools are great, they require an amount of configuration, setup and infrastructure. If most of the applications were in a container, I think everything would be a little bit faster, because all our clients are now using containers."
"The quality of the traffic generation could be improved with Ixia BreakingPoint, i.e. to get closer to being accurate in what a real user will do."
"They should improve UI mode packages for the users."
"I would appreciate some preconfigured network neighborhoods, which are predefined settings for testing networks."
"The price could be better."
"The integration could improve in Ixia BreakingPoint."
"The solution originally was hard to configure; I'm not sure if they've updated this to make it simpler, but if not, it's something that could be streamlined."
"The production traffic simulations are not realistic enough for some types of DDoS attacks."
"Mitigation review isn't always super easy."
"There are many times when their product goes to check my code and it dies, and I don't know why. I've contacted support and they're not really helpful with this particular problem. I go to the logs and I look at what I can but I can't tell why the check process has essentially just died in the middle of checking."
"The interface is too complex."
"The interface is one thing I find a little challenging. Veracode's interface feels a little outdated compared to other solutions, and it could be modernized. I'm mostly happy with the features, but Veracode could add Docker image scanning."
"In some cases we use their APIs; they're not as rich as I would like."
"The documentation is poor and the technical support isn't helpful."
"The solution could improve the Dynamic Analysis Security Testing (DAST)."
"It can be a bit complex because it takes a lot of time to have it complete the task."