HCL AppScan and Qualys Web Application Scanning are key players in the web application security space. HCL AppScan stands out for its comprehensive features and simplicity, while Qualys is noted for minimal false positives and effective threat management, making it a favorite in terms of detection accuracy.
Features: HCL AppScan offers robust capabilities in detecting cross-site scripting (XSS) vulnerabilities, extensive static and dynamic testing, and seamless integration during the coding phase. Qualys Web Application Scanning is renowned for its reliable scanning with minimal false positives, robust vulnerability and patch management, and the unique consolidation of web application and internal vulnerability management.
Room for Improvement: HCL AppScan can enhance handling of false positives, expand language support, and improve integration with CI/CD pipelines alongside its technical support. Qualys Web Application Scanning requires a more user-friendly UI, better compliance standard integration, and improved visibility and automation features.
Ease of Deployment and Customer Service: HCL AppScan predominantly operates on-premises, facing challenges in integration and setup, while customer service has suffered post-IBM acquisition. In contrast, Qualys Web Application Scanning provides flexible deployment options, including hybrid and private cloud setups, and is praised for responsive technical support although some regions require more resources.
Pricing and ROI: HCL AppScan is perceived as expensive, with pricing models that are costly upfront but deliver swift ROI by reducing vulnerabilities. Qualys Web Application Scanning's pricing is also high but offers negotiable terms on bulk licenses, presenting a cost-effective alternative with significant ROI through integration into DevOps processes and defect reduction.
Veracode provides excellent assistance and regularly scheduled calls to address customer concerns and updates.
Once we purchase the license, we have access to top-notch support.
I have dealt with Qualys's technical support, and any enhancements are challenging.
At one point, there was a limitation on reporting for 100,000 assets at a time.
It is licensed for assets, so we just contact the team for additional licenses if needed.
With the growing reliance on AI, Qualys Web Application Scanning should be updated to handle AI-based applications and LLM-based attacks.
One area of improvement is reducing false positives by prioritizing agent findings over remote findings when there is a corresponding local agent finding.
I would like it to be cheaper because it is a bit expensive compared to competitors like Tenable Nessus.
Companies often choose based on budget constraints, with Veracode being on the higher end cost-wise.
They offer discounts on bulk licenses, making it cheaper compared to competitors like Veracode DAST.
I find it a bit expensive compared to other competitors.
AppScan's most valuable features include its ability to identify vulnerabilities accurately, provide detailed remediation steps, and the newly introduced AI-powered features that enhance its functionality further.
It effectively detects vulnerabilities like the OWASP Top 10 without any issues in reporting.
It is recognized as one of the best tools for web application security from a development perspective.
The product helps by providing options for remediating vulnerabilities it finds, making it really useful.
IBM Security AppScan enhances web application security and mobile application security, improves application security program management and strengthens regulatory compliance. By scanning your web and mobile applications prior to deployment, AppScan enables you to identify security vulnerabilities and generate reports and fix recommendations.
Qualys Web Application Scanning (WAS) is a fully cloud-based web application security scanner. The scanner will automatically crawl periodically and test web applications to discover potential vulnerabilities, including cross-site scripting (XSS) and SQL injection. The consistent testing equips the automated service to generate consistent results, lessen false positives, and offer the ability to scale to protect thousands of websites effortlessly.
Qualys Web Application Scanning is bundled with different scanning technology to carefully scan websites for malware infections and will send notifications to website owners to assist in preventing blacklisting and brand reputation damage. As digital transformation takes place in various organizations, Qualys WAS gives organizations the ability to track and document their web app security status through its interactive reporting capabilities.
Qualys WAS empowers organizations to remediate any web application vulnerabilities quickly. Some of the key tools offered are:
Benefits of Qualys Web Application Scanning
Qualys Web Application Scanning offers many benefits, including:
Reviews from Real Users
Qualys Web Application Scanning stands out among its competitors for a variety of reasons. Two of those reasons are its progressive scan and quick detection of vulnerabilities.
P.K., a senior software developer at a tech vendor, writes, "The feature that I have found most valuable is the progressive scan. It is good. It's done in 24 hours."
Nagaraj S., lead cybersecurity engineer at a tech service company, notes, "I have found the detection of vulnerabilities tool thorough with good results and the graphical display output to be wonderful and full of colors. It allows many types of outputs, such as bar and chart previews."
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
