HCL AppScan vs OWASP Zap comparison

Cancel
You must select at least 2 products to compare!
HCLTech Logo
5,763 views|4,455 comparisons
OWASP Logo
22,442 views|10,766 comparisons
Comparison Buyer's Guide
Executive Summary

We performed a comparison between HCL AppScan and OWASP Zap based on real PeerSpot user reviews.

Find out in this report how the two Application Security Testing (AST) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI.
To learn more, read our detailed HCL AppScan vs. OWASP Zap Report (Updated: March 2024).
765,386 professionals have used our research since 2012.
Featured Review
Quotes From Members
We asked business professionals to review the solutions they use.
Here are some excerpts of what they said:
Pros
"We leverage it as a quality check against code.""It is a stable solution...It is a scalable solution...The initial setup or installation of HCL AppScan is easy.""IBM AppScan has made our work easy, as we can do four to five scans of websites at a time, which saves time when it comes to vulnerability.""The UI was very intuitive.""It was easy to set up.""The security and the dashboard are the most valuable features.""For me, as a manager, it was the ease of use. Inserting security into the development process is not normally an easy project to do. The ability for the developer to actually use it and get results and focuses, that's what counted.""The reporting part is the most valuable feature."

More HCL AppScan Pros →

"The solution is scalable.""The product discovers more vulnerabilities compared to other tools.""The HUD is a good feature that provides on-site testing and saves a lot of time.""Automatic updates and pull request analysis.""The product helps users to scan and fix vulnerabilities in the pipeline.""The community edition updates services regularly. They add new vulnerabilities into the scanning list.""The OWASP's tool is free of cost, which gives it a great advantage, especially for smaller companies to make use of the tool.""It has evolved over the years and recently in the last year they have added, HUD (Heads Up Display)."

More OWASP Zap Pros →

Cons
"There is room for improvement in the pricing model.""Many silly false positives are produced.""There are so many lines of code with so many different categories that I am likely to get lost. ​""They should have a better UI for dashboards.""I would love to see more containers. Many of the tools are great, they require an amount of configuration, setup and infrastructure. If most the applications were in a container, I think everything would be a little bit faster, because all our clients are now using containers.""IBM Security AppScan needs to add performance optimization for quickly scanning the target web applications.""The solution's scalability can be a matter of concern because one license runs on one machine only.""We have experienced challenges when trying to integrate this solution with other products. When you compare it with the other SecOps products, the quality of the output is too low. It is not a new-age product. It is very outdated."

More HCL AppScan Cons →

"I prefer Burp Suite to SWASP Zap because of the extensive coverage it offers.""OWASP Zap needs to extend to mobile application testing.""The forced browse has been incorporated into the program and it is resource-intensive.""Deployment is somewhat complicated.""Reporting format has no output, is cluttered and very long.""The product should allow users to customize the report based on their needs.""It needs more robust reporting tools.""Sometimes, we get some false positives."

More OWASP Zap Cons →

Pricing and Cost Advice
  • "AppScan is a little bit expensive. IBM needs to work a little bit on the pricing model, decreasing the license cost."
  • "With the features, that they offer, and the support, they offer, AppScan pricing is on a higher level."
  • "Pricing was the main reason that we went ahead with this solution as they were the lowest in the market."
  • "HCL AppScan is expensive."
  • "I would rate the product's pricing a nine out of ten. The product's pricing is expensive compared to the features that they offer."
  • "The price is very expensive."
  • "The solution is moderately priced."
  • "The price of HCL AppScan is okay, in my opinion. You just buy HCL AppScan and don't pay anything anymore, meaning it is just a one-time purchase."
  • More HCL AppScan Pricing and Cost Advice →

  • "It is highly recommended as it is an open source tool."
  • "It's free and open, currently under the Apache 2 license. If ZAP does what you need it to do, selling a free solution is a very easy."
  • "OWASP ZAP is a free tool provided by OWASP’s engineers and experts. There is an option to donate."
  • "As Zap is free and open-source, with tons of features similar to those of commercial solutions, I would definitely recommend trying it out."
  • "It's free. It's good for us because we don't know what the extent of our use will be yet. It's good to start with something free and easy to use."
  • "OWASP Zap is free to use."
  • "This app is completely free and open source. So there is no question about any pricing."
  • "This is an open-source solution and can be used free of charge."
  • More OWASP Zap Pricing and Cost Advice →

    report
    Use our free recommendation engine to learn which Application Security Testing (AST) solutions are best for your needs.
    765,386 professionals have used our research since 2012.
    Questions from the Community
    Top Answer:The product has valuable features for static and dynamic testing.
    Top Answer:HCL AppScan generates false results. Sometimes, it incorrectly identifies requests as vulnerable when they are not vulnerable. In the ADSL feature managed, the primary objective is to identify… more »
    Top Answer:HCL AppScan efficiently scans through the website and identifies vulnerabilities for AWS. It is reducing tools day by day, making it more efficient.
    Top Answer:OWASP Zap and PortSwigger Burp Suite Pro have many similar features. OWASP Zap has web application scanning available with basic security vulnerabilities while Burp Suite Pro has it available with… more »
    Top Answer:The application scanning feature is the most valuable feature.
    Ranking
    Views
    5,763
    Comparisons
    4,455
    Reviews
    17
    Average Words per Review
    339
    Rating
    7.2
    Views
    22,442
    Comparisons
    10,766
    Reviews
    12
    Average Words per Review
    360
    Rating
    7.3
    Comparisons
    Also Known As
    IBM Security AppScan, Rational AppScan, AppScan
    Learn More
    Overview

    IBM Security AppScan enhances web application security and mobile application security, improves application security program management and strengthens regulatory compliance. By scanning your web and mobile applications prior to deployment, AppScan enables you to identify security vulnerabilities and generate reports and fix recommendations.

    OWASP Zap is a free and open-source web application security scanner. 

    The solution helps developers identify vulnerabilities in their web applications by actively scanning for common security issues. 

    With its user-friendly interface and powerful features, Zap is a popular choice among developers for ensuring the security of their web applications.

    Sample Customers
    Essex Technology Group Inc., Cisco, West Virginia University, APIS IT
    1. Google 2. Microsoft 3. IBM 4. Amazon 5. Facebook 6. Twitter 7. LinkedIn 8. Netflix 9. Adobe 10. PayPal 11. Salesforce 12. Cisco 13. Oracle 14. Intel 15. HP 16. Dell 17. VMware 18. Symantec 19. McAfee 20. Citrix 21. Red Hat 22. Juniper Networks 23. SAP 24. Accenture 25. Deloitte 26. Ernst & Young 27. PwC 28. KPMG 29. Capgemini 30. Infosys 31. Wipro 32. TCS
    Top Industries
    REVIEWERS
    Government16%
    Transportation Company16%
    Manufacturing Company11%
    Insurance Company11%
    VISITORS READING REVIEWS
    Computer Software Company19%
    Financial Services Firm14%
    Government10%
    Manufacturing Company8%
    REVIEWERS
    Computer Software Company25%
    Financial Services Firm15%
    Retailer10%
    Energy/Utilities Company10%
    VISITORS READING REVIEWS
    Computer Software Company18%
    Financial Services Firm10%
    Government7%
    Comms Service Provider7%
    Company Size
    REVIEWERS
    Small Business25%
    Midsize Enterprise11%
    Large Enterprise64%
    VISITORS READING REVIEWS
    Small Business17%
    Midsize Enterprise13%
    Large Enterprise70%
    REVIEWERS
    Small Business22%
    Midsize Enterprise30%
    Large Enterprise49%
    VISITORS READING REVIEWS
    Small Business21%
    Midsize Enterprise16%
    Large Enterprise64%
    Buyer's Guide
    HCL AppScan vs. OWASP Zap
    March 2024
    Find out what your peers are saying about HCL AppScan vs. OWASP Zap and other solutions. Updated: March 2024.
    765,386 professionals have used our research since 2012.

    HCL AppScan is ranked 12th in Application Security Testing (AST) with 39 reviews while OWASP Zap is ranked 8th in Application Security Testing (AST) with 36 reviews. HCL AppScan is rated 7.6, while OWASP Zap is rated 7.6. The top reviewer of HCL AppScan writes " A stable and scalable product useful for application security scanning". On the other hand, the top reviewer of OWASP Zap writes "Great for automating and testing and has tightened our security ". HCL AppScan is most compared with SonarQube, Veracode, Acunetix, PortSwigger Burp Suite Professional and Fortify WebInspect, whereas OWASP Zap is most compared with SonarQube, PortSwigger Burp Suite Professional, Acunetix, Qualys Web Application Scanning and SonarCloud. See our HCL AppScan vs. OWASP Zap report.

    See our list of best Application Security Testing (AST) vendors.

    We monitor all Application Security Testing (AST) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.