We performed a comparison between HCL AppScan, PortSwigger Burp Suite Professional, and SonarQube based on real PeerSpot user reviews.
Find out what your peers are saying about Sonar, Veracode, Checkmarx and others in Application Security Tools."This is a stable solution."
"Usually when we deploy the application, there is a process for ethical hacking. The main benefit is that, the ethical hacking is almost clean, every time. So it's less cost, less effort, less time to production."
"It is easy it is to use. It is quick to find things, because of the code scanning tools. It's quite simple to use and it is very good the way it reports the findings."
"It identifies all the URLs and domains on its own and then performs tests and provides the results."
"The security and the dashboard are the most valuable features."
"For me, as a manager, it was the ease of use. Inserting security into the development process is not normally an easy project to do. The ability for the developer to actually use it and get results and focuses, that's what counted."
"Technical support is helpful."
"I like the recording feature."
"The solution is stable."
"The suite testing models are very good. It's very secure."
"The extension that it provides with the community version for the skills mapping is excellent."
"It offers very good accuracy. You can trust the results."
"This solution has helped a lot in finding bugs and vulnerabilities, and the scanner is good enough for simple web apps."
"The reporting part is the most valuable. It also has very good features. We use almost all of the features for different kinds of customers and needs."
"I find the attack model quite amazing, where I can write my scripts and load my scripts as well, which helps quite a bit. All the active scanning that it can do is also quite a lot helpful. It speeds up our vulnerability assessment and penetration testing. Right now, I am enjoying its in-browser, which also helps quite a bit. I'm always confused about setting up some proxy, but it really is the big solution we all want."
"The solution has a pretty simple setup."
"The most valuable features are the wide array of languages, multiple languages per project, the breakdown of bugs, and the description of vulnerabilities and code smells (best practices)."
"It provides the security that is required from a solution for financial businesses."
"The product has a friendly UI that is easy to use and understand."
"I follow Quality Gate's graduation model within organization, and it is extremely helpful for me to benchmark products."
"Can tweak rules and feed them into our build pipelines."
"It easily ties into our continuous integration pipeline."
"The most valuable feature is the security hotspot feature that identifies where your code is prone to have security issues."
"The code coverage feature is very good."
"The solution often has a high number of false positives. It's an aspect they really need to improve upon."
"Improving usability could enhance the overall experience with AppScan. It would be beneficial to make the solution more user-friendly, ensuring that everyone can easily navigate and utilize its features."
"The databases for HCL are small and have room for improvement."
"The solution's scalability can be a matter of concern because one license runs on one machine only."
"I think being able to search across more containers, especially some of the docker elements. We need a little tighter integration there. That's the only thing I can see at this point."
"AppScan is too complicated and should be made more user-friendly."
"They could add a software component analysis tool."
"If HCL AppScan is able to alert the clients over email once the scan is complete, it would be great. Right now, HCL AppScan doesn't let me know if the scanning part is finished or not, because of which I have to come back and check mostly."
"The use of system memory is an area that can be improved because it uses a lot."
"There were a lot of false positives there, and we used to spend a lot of time, like, for security reasons, reproducing those bugs for the development team to fix it."
"I am from Brazil. The currency exchange rate from a dollar to a Brazilian Real is quite steep. It is almost six to one. It would be good if it can be sold in the local currency, and its price is cheaper for us."
"We wish that the Spider feature would appear in the same shape that it does in previous versions."
"It would be good if the solution could give us more details about what exactly is defective."
"The tool is very expensive."
"One area that can be improved, when compared to alternative tools, is that they could provide different reporting options and in different formats like PDF or something like that."
"Mitigating the issues and low confluence issues needs some improvement. Implementing demand with the ChatGPT under the web solution is an additional feature I would like to see in the next release."
"You may need to purchase add-ons to get the useability you desire."
"SonarQube could improve by adding automatic creation of tasks after scanning and more support for the Czech language."
"During the setup process, we only had one issue related to the number of available files. To perform the analysis, you have quite a lot of available file handles, so we had to increase that limit."
"A robust credential scanner would be a huge bonus as it would remove the need for yet another niche product."
"I am not very pleased with the technical debt computation."
"Monitoring is a feature that can be improved in the next version."
"There is no automation. You need to put the code there and test. You then pull the results and put them back in the development environment. There is no integration with the development environment. We would like it to be integrated with our development environment, which is basically the CI/CD pipeline or the IDE that we have."
"SonarQube could improve its static application security testing as per the industry standard."
More PortSwigger Burp Suite Professional Pricing and Cost Advice →