We performed a comparison between HCL AppScan and OWASP Zap based on real PeerSpot user reviews.
Find out in this report how the two Application Security Testing (AST) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."We leverage it as a quality check against code."
"It is a stable solution...It is a scalable solution...The initial setup or installation of HCL AppScan is easy."
"IBM AppScan has made our work easy, as we can do four to five scans of websites at a time, which saves time when it comes to vulnerability."
"The UI was very intuitive."
"It was easy to set up."
"The security and the dashboard are the most valuable features."
"For me, as a manager, it was the ease of use. Inserting security into the development process is not normally an easy project to do. The ability for the developer to actually use it and get results and focuses, that's what counted."
"The reporting part is the most valuable feature."
"The solution is scalable."
"The product discovers more vulnerabilities compared to other tools."
"The HUD is a good feature that provides on-site testing and saves a lot of time."
"Automatic updates and pull request analysis."
"The product helps users to scan and fix vulnerabilities in the pipeline."
"The community edition updates services regularly. They add new vulnerabilities into the scanning list."
"The OWASP's tool is free of cost, which gives it a great advantage, especially for smaller companies to make use of the tool."
"It has evolved over the years and recently in the last year they have added, HUD (Heads Up Display)."
"There is room for improvement in the pricing model."
"Many silly false positives are produced."
"There are so many lines of code with so many different categories that I am likely to get lost. "
"They should have a better UI for dashboards."
"I would love to see more containers. Many of the tools are great, they require an amount of configuration, setup and infrastructure. If most the applications were in a container, I think everything would be a little bit faster, because all our clients are now using containers."
"IBM Security AppScan needs to add performance optimization for quickly scanning the target web applications."
"The solution's scalability can be a matter of concern because one license runs on one machine only."
"We have experienced challenges when trying to integrate this solution with other products. When you compare it with the other SecOps products, the quality of the output is too low. It is not a new-age product. It is very outdated."
"I prefer Burp Suite to SWASP Zap because of the extensive coverage it offers."
"OWASP Zap needs to extend to mobile application testing."
"The forced browse has been incorporated into the program and it is resource-intensive."
"Deployment is somewhat complicated."
"Reporting format has no output, is cluttered and very long."
"The product should allow users to customize the report based on their needs."
"It needs more robust reporting tools."
"Sometimes, we get some false positives."
HCL AppScan is ranked 12th in Application Security Testing (AST) with 39 reviews while OWASP Zap is ranked 8th in Application Security Testing (AST) with 36 reviews. HCL AppScan is rated 7.6, while OWASP Zap is rated 7.6. The top reviewer of HCL AppScan writes " A stable and scalable product useful for application security scanning". On the other hand, the top reviewer of OWASP Zap writes "Great for automating and testing and has tightened our security ". HCL AppScan is most compared with SonarQube, Veracode, Acunetix, PortSwigger Burp Suite Professional and Fortify WebInspect, whereas OWASP Zap is most compared with SonarQube, PortSwigger Burp Suite Professional, Acunetix, Qualys Web Application Scanning and SonarCloud. See our HCL AppScan vs. OWASP Zap report.
See our list of best Application Security Testing (AST) vendors.
We monitor all Application Security Testing (AST) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.