IT Central Station is now PeerSpot: Here's why

HCL AppScan vs Kiuwan comparison

Cancel
You must select at least 2 products to compare!
Veracode Logo
51,336 views|29,264 comparisons
HCL Logo
10,150 views|7,818 comparisons
Kiuwan Logo
4,231 views|3,390 comparisons
Featured Review
Buyer's Guide
HCL AppScan vs. Kiuwan
July 2022
Find out what your peers are saying about HCL AppScan vs. Kiuwan and other solutions. Updated: July 2022.
610,812 professionals have used our research since 2012.
Quotes From Members
We asked business professionals to review the solutions they use.
Here are some excerpts of what they said:
Pros
"Veracode's technical support is great. They assigned us a TAM and once a week, we have a brief engagement with the TAM to verify that everything's going well. If we have any outstanding issues, they get serviced and addressed.""Their dashboard is really good, overall. In my opinion, it's one of the best in the market, and I say that because we have used other service providers.""The policy reporting for ensuring compliance with industry standards and regulations is pretty comprehensive, especially around PCI. If you do the static analysis, the dynamic analysis, and then a manual penetration test, it aggregates all of these results into one report. And then they create a PCI-specific report around it which helps to illustrate how the application adheres to different standards.""The centralized view of different testing types helps reduce our risk exposure. The development teams have the freedom to choose their own libraries and languages. What happens is sometimes developers feel like a particular library is okay to use, then they will start using it, developing some functionality around it. However, as per our mandate, for every new repository that gets added and scanned, a report gets published. Based on that report, we decide if we can continue. In the past, we have found, by mistake, some developers have used copyleft licenses, which are a bit risky to use. We immediately replace these with more permissive, open-source licenses, so we are safe in the end.""In terms of secure development, the SAST scan is very useful because we are able to identify security flaws in the code base itself, for the application.""The visibility into application status helps reduce risk exposure for our software. Today, any findings provided by the DAST are reviewed by the developers and we have internal processes in place to correct those findings before there can be a release. So it absolutely does prevent us from releasing weak code.""You can easily integrate it with Azure DevOps. This is an added value because we work with Azure DevOps. Veracode is natively supported and we don't have to work with APIs.""The solution's ability to prevent vulnerable code from going into production is perfectly fine. It delivers, at least for the reports that we have been checking on Java and JavaScript. It has reported things that were helpful."

More Veracode Pros →

"The most valuable feature of HCL AppScan is scanning QR codes.""AppScan is stable.""It was easy to set up.""The HCL AppScan turnaround time for Burp Suite or any new feature request is pretty good, and that is why we are sticking with the HCL.""It identifies all the URLs and domains on its own and then performs tests and provides the results.""The solution offers services in a few specific development languages.""There's extensive functionality with custom rules and a custom knowledge base."

More HCL AppScan Pros →

"I like that I can scan the code without sending it to the Kiuwan cloud. I can do it locally on my device. When the local analyzer finishes, the results display on the dashboard in the cloud. It's essential for security purposes to be able to scan my code locally.""The solution offers very good technical support.""I've tried many open source applications and the remediation or correction actions that were provided by Kiuwan were very good in comparison.""I like that it provides a detailed report that lets you know the risk index and the vulnerability."

More Kiuwan Pros →

Cons
"When it comes to the speed of the pipeline scan, one of the things we have found with Veracode is that it's very fast with Java-based applications but a bit slow with C/C++ based applications. So we have implemented the pipeline scan only for Java-based applications not for the C/C++ applications.""The feature that allows me to read which mitigation answer was submitted, and to approve it, requires me to use do so in different screens. That makes it a little bit more complicated because I have to read and then I have to go back and make sure it falls under the same number ID number. That part is a little bit complicated from my perspective, because that's what I use the most.""The product has issues with scanning.""I would ask Veracode to be a lot more engaged with the customer and set up live sessions where they force the customer to engage with Veracode's technical team. Veracode could show them a repo, how they should do things, this is what these results mean, here is a dashboard, here's the interpretation, here's where you find the results.""There is much to be desired of UI and user experience. The UI is very slow. With every click, it just takes a lot of time for the pages to load. We have seen this consistently since getting this solution. The UI and UX are very disjointed.""I would like to see them provide more content in the developer training section. This field is really changing each day and there are flaws that are detected each day. Some sort of regular updates to the learning would help.""The reports on offer are too verbose.""I've seen slightly better static analysis tools from other companies when it comes to speed and ease of use."

More Veracode Cons →

"One thing which I think can be improved is the CI/CD Integration""The solution often has a high number of false positives. It's an aspect they really need to improve upon.""The solution could improve by having a mobile version.""They have to improve support.""Sometimes it doesn't work so well.""AppScan is too complicated and should be made more user-friendly.""The dashboard, for AppScan or the Fortified fast tool, which we use needs to be improved."

More HCL AppScan Cons →

"Kiuwan's support has room for improvement. You can only open a ticket is through email, and the support team is outside of our country. They should have a support number or chat.""The integration process could be improved. It'll also help if it could generate reports automatically. But I'm not sure about the effectiveness of the reports. This is because, in our last project, we still found some key issues that weren't captured by the Kiuwan report.""The solution seems to give us a lot of false positives. This could be improved quite a bit.""The configuration hasn't been that good."

More Kiuwan Cons →

Pricing and Cost Advice
  • "I don't really know about the pricing, but I'd say it's worth whatever Veracode is charging, because the solution is that good."
  • "Veracode's price is high. I would like them to better optimize their pricing."
  • "If I compare the pricing with other software tools, then it is quite competitive. Whatever the price is, they have always given us a good discount."
  • "Veracode is expensive. Some of its products are expensive. I don't think it's way more expensive than its competitors. The dynamic is definitely worth it, as I think it's cheaper than the competitors. The static scan is a little bit more expensive, around 20 percent more expensive. The manual pen test is more expensive, but it is an expensive service because it's a manual pen test and we also do retests. I don't think it is way more expensive than the competitors, but it's about 15 to 20 percent more expensive."
  • "We use this product per project rather than per developer... Your development model will really determine what the best fit is for you in terms of licensing, because of the project-based licensing. If you do a few projects, that's more attractive. If you have a large number of developers, that would also make the product a little more attractive."
  • "The pricing is really fair compared to a lot of other tools on the market."
  • "It is very reasonably priced compared to what we were paying our previous vendor. For the same price, we are getting much more value and reducing our AppSec costs from 40 to 50 percent."
  • "Veracode is one of the more expensive solutions in the market, but it is worth the expense because of the eLearning and the security consultations; everything is included in the license."
  • More Veracode Pricing and Cost Advice →

  • "With the features, that they offer, and the support, they offer, AppScan pricing is on a higher level."
  • More HCL AppScan Pricing and Cost Advice →

  • "It follows a subscription model. I think the price is somewhere in the middle."
  • More Kiuwan Pricing and Cost Advice →

    report
    Use our free recommendation engine to learn which Application Security solutions are best for your needs.
    610,812 professionals have used our research since 2012.
    Questions from the Community
    Top Answer:SonarQube is easy to deploy and configure, and also integrates well with other tools to do quality code analysis… more »
    Top Answer:Veracode's technical support is great. They assigned us a TAM and once a week, we have a brief engagement with the TAM… more »
    Top Answer:Veracode recently introduced some pricing based on microservices. This model gives us a lot of flexibility in being able… more »
    Top Answer:AppScan is too complicated and should be made more user-friendly.
    Top Answer:I mainly use AppScan for vulnerability scanning and database bridging.
    Top Answer:I like that I can scan the code without sending it to the Kiuwan cloud. I can do it locally on my device. When the local… more »
    Top Answer:Kiuwan is not as expensive as the other solutions. We pay according to the number of lines of code that have been hired… more »
    Top Answer:Kiuwan should charge based on usage
    Comparisons
    Also Known As
    IBM Security AppScan, Rational AppScan, AppScan
    Learn More
    Overview

    Veracode covers all your Application Security needs in one solution through a combination of five analysis types; static analysis, dynamic analysis, software composition analysis, interactive application security testing, and penetration testing. Unlike on-premise solutions that are hard to scale and focused on finding rather than fixing, Veracode comprises a unique combination of SaaS technology and on-demand expertise that enables DevSecOps through integration with your pipeline, and empowers developers to find and fix security defects.

    IBM Security AppScan enhances web application security and mobile application security, improves application security program management and strengthens regulatory compliance. By scanning your web and mobile applications prior to deployment, AppScan enables you to identify security vulnerabilities and generate reports and fix recommendations.

    Software analytics technology with a breadth of third party integrations that takes into account the wealth of applications your teams are currently using.

    We facilitate and encourage work between unlocalized teams. We understand the complexity of working on multi technology environments, constantly striving to increase the number of programming languages and technologies we support.

    Offer
    Keep your software secure

    Application security starts with secure code. Find out more about the benefits of using Veracode to keep your software secure throughout the development lifecycle.

    Learn more about HCL AppScan
    Learn more about Kiuwan
    Sample Customers
    State of Missouri, Rekner
    Essex Technology Group Inc., Cisco, West Virginia University, APIS IT
    DHL, BNP Paribas, Zurich, AXA, Ernst & Young, KFC, Santander, Latam, Ferrovial
    Top Industries
    REVIEWERS
    Financial Services Firm31%
    Insurance Company11%
    Computer Software Company11%
    Healthcare Company7%
    VISITORS READING REVIEWS
    Computer Software Company27%
    Comms Service Provider14%
    Financial Services Firm12%
    Manufacturing Company7%
    REVIEWERS
    Government21%
    Transportation Company14%
    Manufacturing Company14%
    Insurance Company14%
    VISITORS READING REVIEWS
    Computer Software Company33%
    Comms Service Provider17%
    Government7%
    Financial Services Firm6%
    REVIEWERS
    Legal Firm33%
    Computer Software Company22%
    Non Tech Company11%
    Wireless Company11%
    VISITORS READING REVIEWS
    Comms Service Provider25%
    Computer Software Company24%
    Financial Services Firm14%
    Manufacturing Company5%
    Company Size
    REVIEWERS
    Small Business24%
    Midsize Enterprise27%
    Large Enterprise49%
    VISITORS READING REVIEWS
    Small Business16%
    Midsize Enterprise14%
    Large Enterprise70%
    REVIEWERS
    Small Business24%
    Midsize Enterprise10%
    Large Enterprise66%
    VISITORS READING REVIEWS
    Small Business17%
    Midsize Enterprise12%
    Large Enterprise71%
    REVIEWERS
    Small Business68%
    Midsize Enterprise16%
    Large Enterprise16%
    VISITORS READING REVIEWS
    Small Business15%
    Midsize Enterprise24%
    Large Enterprise62%
    Buyer's Guide
    HCL AppScan vs. Kiuwan
    July 2022
    Find out what your peers are saying about HCL AppScan vs. Kiuwan and other solutions. Updated: July 2022.
    610,812 professionals have used our research since 2012.

    HCL AppScan is ranked 15th in Application Security with 7 reviews while Kiuwan is ranked 20th in Application Security with 4 reviews. HCL AppScan is rated 7.0, while Kiuwan is rated 8.2. The top reviewer of HCL AppScan writes "Improves application security, identifies gaps, and performs well". On the other hand, the top reviewer of Kiuwan writes "Scalable with good remediation capabilities and good stabilty". HCL AppScan is most compared with SonarQube, Micro Focus Fortify on Demand, PortSwigger Burp Suite Professional, OWASP Zap and Checkmarx, whereas Kiuwan is most compared with SonarQube, Micro Focus Fortify on Demand, Checkmarx, Snyk and Mend. See our HCL AppScan vs. Kiuwan report.

    See our list of best Application Security vendors and best Application Security Testing (AST) vendors.

    We monitor all Application Security reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.