HCL AppScan vs Perfecto vs Veracode comparison

 

Comparison Buyer's Guide

Executive Summary

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Mindshare comparison

Application Security Tools Market Share Distribution

| Product | Market Share (%) |
| --- | --- |
| HCL AppScan | 2.5% |
| SonarQube Server (formerly SonarQube) | 20.5% |
| Checkmarx One | 10.4% |
| Other | 66.6% |

Mobile App Testing Tools Market Share Distribution

| Product | Market Share (%) |
| --- | --- |
| Perfecto | 5.2% |
| Tricentis Tosca | 32.9% |
| OpenText Functional Testing | 20.5% |
| Other | 41.4% |

Application Security Tools Market Share Distribution

| Product | Market Share (%) |
| --- | --- |
| Veracode | 7.7% |
| SonarQube Server (formerly SonarQube) | 20.5% |
| Checkmarx One | 10.4% |
| Other | 61.4% |
 

Featured Reviews

Gladwin Christian - PeerSpot reviewer
A useful tool to scan applications that can be easily installed
Given that we have been using HCL AppScan for many years, I think the setup process is not difficult at all. Sometimes, some issues stop or prevent my company from moving forward with the product's setup phase. We have to call HCL's support team and engage in long discussions to smoothly carry out the setup phase. In general, the product's setup phase is not difficult in our company. The solution is deployed on an on-premises model. The licenses for the solution are available only on cloud deployments nowadays. The solution is already installed in our environment. Every time a new release or software comes out from HCL, our company does a scan, which takes maybe a day or two.
Rodrigo Candido Costa - PeerSpot reviewer
The solution saves us money because the cost of each license is 10 times lower than what we would spend to maintain infrastructure here
Sometimes, when the automated tests sync up or we have to debug remotely, we cannot interact directly with the device. We can interact with the code in the debugging tool, but we cannot directly click on the element on the screen or send other kinds of inputs to the device. This is possible with other tools. Also, it would be nice if there were some kind of API to get a list of available devices. Currently, we have to look at the web interface to see the available devices, but the pipelines can't do it on their own there. We always need to do this manually, so it would be better if this feature was automated.
Kv Rao - PeerSpot reviewer
Integrates pipelines smoothly and fortifies code against vulnerabilities
I use Veracode in multiple places including static code analysis, penetration testing, and dynamic code analysis. It is part of our pipeline and integrates well with Bitbucket and Git pipelines. The ease of integration with Bitbucket pipelines and Git pipelines is vital for us. Veracode allows us…

Quotes from Members


Pros

"AppScan's most valuable features include its ability to identify vulnerabilities accurately, provide detailed remediation steps, and the newly introduced AI-powered features that enhance its functionality further."
"It is easy to use. It is quick to find things, because of the code scanning tools. It's quite simple to use and it is very good the way it reports the findings."
"It comes with all of the templates that we need. For example, we are a company that is regulated by PCI. In order to be PCI compliant, we have a lot of checks and procedures to which we have to comply."
"The static scans are good, and the SaaS as well."
"The product has valuable features for static and dynamic testing."
"The product is useful, particularly in its sensitivity and scanning capabilities."
"I like the recording feature."
"The solution is easy to use."
"I also like the reporting functions. We are constantly downloading these reports and sharing them with our final customers. They help us understand what kind of bugs are happening through the applications. The recording feature is handy because it lets us see a video of the process we run through the pipeline and discover the point at which the automation is breaking."
"The CI dashboard tool is very good, as is the Live Stream monitoring. Whenever I want to monitor execution, I can open multiple tabs in Perfecto and it is easy for me to refer to the CI dashboard and the Live Stream."
"The reporting feature is really tough to find in some of the other products that are competitors. Having your CITB type dashboard, where we can see the test results and see recordings of each test that passed or failed, is probably one of the distinguishing aspects of Perfecto."
"The number one feature, which if we didn't have out-of-the-box would be missed, is the fact that we have video execution. That gives us the ability to view errors or defects in the progression, from beginning to the end of the video."
"It creates a faster production cycle and is quick to market. Things get deployed earlier because the testing happens on time. We can do a lot of panelization, so a lot of test phases can happen in a panel. People don't have to wait for a device to come to them. They can access multiple devices at the same time and do testing at the same time."
"In terms of cross-platform testing, they offer all of it, every device available in the market. It covers real scenarios that mimic production so that we don't miss out on any devices that our clients might be using to run the applications we develop. It's been great and very helpful."
"Perfecto has affected our software quality in a good way. It has allowed us to execute on-demand and on-choice. We also track the number of issues that we find in the product. Every single day, we tag the issues that we found. For example, if something was found by automation, that means it was found by a Perfecto execution. Over time, we realized the real value in tracking those numbers. We can see now that we have clearly been finding issues earlier. It has allowed us to catch our defects earlier, thus improving the quality of our applications."
"We're working in Agile and we need results ASAP. The fact that the lab provides same-day access to new devices is extremely important to us."
"It can be very hard to make a good lab environment with a console with log windows and code bases. What I like about Veracode is that they managed to do that. It has a very responsive graphical user interface and has worked very well. I was very pleased with that."
"Veracode provides guidance for fixing vulnerabilities. It enables developers to write secure code from the start by pointing them to the problematic line of code, and saying, "This function/method has security vulnerabilities," then suggests alternatives to fix it. Then, we adopt their suggestions of the tool. By implementing it in the right way, we can fix the issue. For example, if the tool has found a method where it copied one piece of memory into another piece of memory in the code. The tool points to problematic methods with the vulnerability and provides ways to code it more securely. By adopting their suggestions, we are fixing this vulnerability."
"The solution's ability to help create secure software is very valuable. We're a zero-trust networking company so we want to have the ability to say that we're practicing security seriously. Having something like Veracode allows us to have confidence when we're speaking to people about our product that we can back up what we're doing with a certification, with a reputable platform, and say, "This is what we're using to scan an application. Here's the number of vulnerabilities that are on an application. And here's the risk that we're accepting.""
"I appreciate the integration provided by Veracode that seamlessly integrates with our CI/CD tools and allows us to integrate with IPA as well."
"The SCA, agent-based analysis, is valuable. SAST and DAST take time, while this is quite fast. It gives the results very quickly. We have implemented it into our CI/CD pipeline."
"The automation of Veracode is great because we no longer have to run manual testing."
"Veracode's policy reporting for ensuring compliance with industry standards and regulations is great. I"
"Also, our customers benefited from the added security assurance of our applications, as they’ve been able to identify OWASP top-10 application vulnerabilities without a manual tester."
 

Cons

"AppScan needs to improve its handling of false positives."
"The solution could improve by having a mobile version."
"AppScan is too complicated and should be made more user-friendly."
"The solution's scalability can be a matter of concern because one license runs on one machine only."
"Sometimes it doesn't work so well."
"Improving usability could enhance the overall experience with AppScan. It would be beneficial to make the solution more user-friendly, ensuring that everyone can easily navigate and utilize its features."
"I would love to see more containers. Many of the tools are great, they require an amount of configuration, setup and infrastructure. If most of the applications were in a container, I think everything would be a little bit faster, because all our clients are now using containers."
"The tool should improve its output. Scanning is not a challenge anymore since there are many such tools available in the market. The product needs to focus on how its output is being used by end users. It should be also more user-friendly. One of the major challenges is in the tool's integration with applications that need to be scanned. Sometimes, the scanning is not proper."
"I would like to see the inclusion of machine learning features. If we can have that, it will be a better tool."
"We don't use Perforce's BlazeMeter with Perfecto. From my perspective, it's not really relevant."
"The flakiness, or the accuracy, of the test execution can be improved. Also, the responsiveness of their cloud lab could be improved as well."
"Previously, we used the cradle. Every time the mobile was blocking it, we would have to ask Perfecto to provide another one. That took a lot of time away from us."
"One improvement would be speed of execution. If it is an iOS native app, we have noticed that the speed is a bit slower. Perfecto might need to make some improvements in this area."
"There could be some improvements done on the interface. At times, there has been a bit of a struggle when finding things on the interface. A UI revamp would be a better option in future. That UI hasn't changed much in a long time, so I think they could just make it a bit better so that people could find stuff easily and intuitively."
"I'm hoping that Perfecto will come up with browser testing as well because it would be easier to access it."
"There was a discussion about having the capability to export the test results to a certain tool that we use in our project. If that were added it would be great not having to manually take screenshots, put them in a document, and share them on the different test management tools."
"Veracode can be slow at times and has room for improvement, which may cause delays in our products and prolonged static scans."
"It's very expensive for a small organization."
"The reporting was detailed, but there were some things that were missing. It showed us on which line an error was found, but it could have been more detailed."
"It could have better integration with our pipeline. If we could have better integration with our application pipeline, e.g., Jira, Bamboo, or Azure DevOps, then that will be very helpful. Right now, it is quite hard to integrate the solution into our existing pipeline."
"Veracode has a few shortcomings in terms of how they handle certain components of the UI. For example, in the case of the false positive, it would be highly desirable if the false positives don't show up again on the UI, instead of still showing up for any subsequent scan as a false positive. There is a little bit of cluttering that could be avoided."
"Veracode is a little costly. It's cost-effective for a large enterprise, but it may be too expensive for small businesses."
"Veracode should make it easier to navigate between the solutions that they offer, i.e. between dynamic, static, and the source code analysis."
"The cost of the solution is a little bit expensive. Expensive in the sense that there was a hundred percent increase in cost from last year to this year, which is certainly not justified."
 

Pricing and Cost Advice

"The product is moderately priced, though it's an investment due to extensive code analysis needs."
"The product has premium pricing and could be more competitive."
"I would rate the product's pricing a nine out of ten. The product's pricing is expensive compared to the features that they offer."
"The price of HCL AppScan is okay, in my opinion. You just buy HCL AppScan and don't pay anything anymore, meaning it is just a one-time purchase."
"The solution is cheap."
"With the features that they offer and the support they offer, AppScan pricing is on a higher level."
"Our clients are willing to pay the extra money. It is expensive."
"Pricing was the main reason that we went ahead with this solution as they were the lowest in the market."
"It's definitely on the higher end of prices for this type of service."
"Perfecto is about 30-40% cheaper than Device Anywhere. That was a big reason why we switched. Perfecto also solves some of the issues that we had with Device Anywhere. We have grown by 100% since we started to use Perfecto, and now we have devices roaming. When we look at the competition, we would still stick with Perfecto."
"This is an expensive solution compared to others, by 30% to 40%."
"Perfecto has definitely saved us on the costs and efforts of having to maintain our own virtual test environment. We lost about 20 devices in the past to maintenance and audit. That was a massive loss for us, as a company, because we were giving devices to someone, but don't know whether we would get it back or not. Having those virtual labs, we don't need to worry about these kinds of things. We are easily saving $5,000 to $10,000 a month on device costing."
"Perfecto's price is excellent compared to other products with similar features. It was the lowest of the three we evaluated. We also established a partnership with Perfecto, so they provide discounts when we sell Perfecto projects and licenses to our customers."
"Pricing-wise, it is fine. It is not as expensive as what we used to have in the past from HP, IBM, and others. It is decently priced."
"I am not sure about its pricing, but from our perspective, licensing has been easy. Anytime I have new users or requests for users that want to get added, it's a very simple process. I just give the architectural owner of the product the name and email address, and they're able to easily add a new user. We don't have any issues in regards to getting licenses, but I don't have any insights into pricing."
"Pricing is an area where Perfecto can do a little better. When we obtain additional licenses, we enter into negotiations with them."
"They just changed their pricing model two weeks ago. They went from a per-app license to a per-megabyte license. I know that the dynamic scan was $500 per app. Static analysis was about $4500 yearly. The license is only for the number of users, it doesn't matter what data you put in there. That was the old model. I do not know how the new model works."
"The worst part about the product is that it does not scale at all. Also, microservices apps will cost you a fortune."
"I think licensing needs to be changed or updated so that it works with adjustments. Pricing is expensive compared to the amount of scanning we perform."
"I'm unfamiliar with the solution's pricing, but it must be worth the cost from a company perspective, as we have been using it for years and have no plans to move away from it."
"Veracode is costly. They have different license models for different customers. What we had was based on the amount of code that has been analyzed. The license that we had was capped to a certain amount, for example, 5 Gig. There would be an extra charge for anything above 5 Gig."
"We pay based on the number of developers working on a particular project."
"The product’s price is a bit higher compared to other solutions."
"For enterprises, Veracode has done a fairly good job, but its pricing is not suitable for startups. The microservice distributed architecture for a startup is very small. I had to do a lot of discussions on the pricing initially. I previously worked in an enterprise organization where I used Veracode, and that's how I got to know about Veracode, but that was a big organization with more than a thousand employees. So, the cost is very different for them because the size of the application is different. Its pricing makes sense there, but when we try to onboard this solution for the startup ecosystem, pricing is not friendly. Because I knew the product and I knew its value, I onboarded it, but I don't think any other startup at our scale will onboard it."
869,160 professionals have used our research since 2012.
 

Top Industries

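By visitors reading reviews

| Industry | Share |
| --- | --- |
| Computer Software Company | 14% |
| Financial Services Firm | 12% |
| Government | 10% |
| Manufacturing Company | 10% |

| Industry | Share |
| --- | --- |
| Financial Services Firm | 23% |
| Computer Software Company | 16% |
| Manufacturing Company | 7% |
| Healthcare Company | 6% |

| Industry | Share |
| --- | --- |
| Financial Services Firm | 17% |
| Computer Software Company | 15% |
| Manufacturing Company | 9% |
| Insurance Company | 6% |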
 

Company Size

By reviewers

| Company Size | Count |
| --- | --- |
| Small Business | 13 |
| Midsize Enterprise | 6 |
| Large Enterprise | 31 |

| Company Size | Count |
| --- | --- |
| Small Business | 1 |
| Midsize Enterprise | 1 |
| Large Enterprise | 23 |

| Company Size | Count |
| --- | --- |
| Small Business | 69 |
| Midsize Enterprise | 43 |
| Large Enterprise | 112 |
 

Questions from the Community

What do you like most about HCL AppScan?
The most valuable feature of HCL AppScan is its integration with the SDLC, particularly during the coding phase.
What needs improvement with HCL AppScan?
AppScan needs to improve its handling of false positives. It also requires enhancements in customer support, similar ...
What is your primary use case for HCL AppScan?
The primary use case for AppScan is for security purposes. I compare AppScan with other tools such as Veracode. We us...
Which gives you more for your money - SonarQube or Veracode?
SonarQube is easy to deploy and configure, and also integrates well with other tools to do quality code analysis. Son...
What do you like most about Veracode Static Analysis?
I like its integration with GitHub. I like using it from GitHub. I can use the GitHub URL and find out the vulnerabil...
What is your experience regarding pricing and costs for Veracode Static Analysis?
When considering pricing, Veracode stands out due to its lower cost per service and more scalable options. It offers ...
 

Also Known As

IBM Security AppScan, Rational AppScan, AppScan
Perfecto Mobile, Perfecto Web
Crashtest Security, Veracode Detect
 

Sample Customers

Essex Technology Group Inc., Cisco, West Virginia University, APIS IT
Virgin Media, Paychex, Rabobank, R+V, Discover
Manhattan Associates, Azalea Health, Sabre, QAD, Floor & Decor, Prophecy International, SchoolCNXT, Keap, Rekner, Cox Automotive, Automation Anywhere, State of Missouri and others.
Updated: September 2025.