No more typing reviews! Try our Samantha, our new voice AI agent.

HCL AppScan vs ReversingLabs comparison

 

Comparison Buyer's Guide

Executive SummaryUpdated on Jun 3, 2026

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

HCL AppScan
Ranking in Application Security Tools
21st
Average Rating
7.6
Reviews Sentiment
5.9
Number of Reviews
44
Ranking in other categories
Static Application Security Testing (SAST) (17th), Dynamic Application Security Testing (DAST) (6th)
ReversingLabs
Ranking in Application Security Tools
40th
Average Rating
9.2
Reviews Sentiment
7.0
Number of Reviews
4
Ranking in other categories
Anti-Malware Tools (42nd), Container Security (52nd), Software Composition Analysis (SCA) (25th), Threat Intelligence Platforms (TIP) (28th), Software Supply Chain Security (18th)
 

Mindshare comparison

As of July 2026, in the Application Security Tools category, the mindshare of HCL AppScan is 2.4%, down from 2.7% compared to the previous year. The mindshare of ReversingLabs is 0.9%, up from 0.2% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Application Security Tools Mindshare Distribution
ProductMindshare (%)
HCL AppScan2.4%
ReversingLabs0.9%
Other96.7%
Application Security Tools
 

Featured Reviews

Ravi Khanchandani - PeerSpot reviewer
Founder Director at Techsa Services
Has improved identification of encryption and authentication issues across cloud and on-prem applications
During the learning curve of onboarding HCL AppScan, we learned that HCL has altered the portfolio and now offers HCL AppScan 360, which has a much better look and feel with an improved user interface. However, there is one feature called SCA, which stands for Software Composition Analysis, that could be improved. When I'm doing an application scan, HCL AppScan has the ability to generate information about what components are in use. For example, if I'm scanning a web application, it shows me the various components being used. It tells me whether I have Java libraries, .NET frameworks, or other log management libraries such as Log4j, and what versions of those specific components are present. I would like to see more detailed reports from the tool. Currently, you can find out the components belonging to a specific software, but if detailed reporting became available, you would be in a better position to identify vulnerabilities. For instance, I could identify that I had the Log4j vulnerability and know that I need to fix my application accordingly. If they add the features I'm describing, I would consider giving them a higher rating. However, I've only been experienced with the product for three months.
TC
Forensic Lead, Global Security Fusion Center at a insurance company with 10,001+ employees
Very good malware and goodware repository and enables us to look more deeply at indicators of compromise
The automated static analysis of malware is the most valuable feature. Its detection abilities are very good. It hits all of the different platforms out there, platforms that see the items in the wild. Also, the solution’s object and file analysis provide us with actionable insights. Its malware and goodware repository is very good. It's very robust. It gets all of the different repositories that are out there that do analysis and brings them under one roof where we can statically analyze for those indicators of compromise and look at them more deeply. If we need to go deeper into things, we can do that.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"This is a stable solution."
"HCL AppScan has helped us improve our security posture, as we've been able to identify quite a few issues."
"The reporting part is the most valuable feature."
"For its first initial release, the integration was pretty good."
"IBM AppScan has made our work easy, as we can do four to five scans of websites at a time, which saves time when it comes to vulnerability."
"It's a good product; its automated crawler identifies all URLs and performs security tests, and it has very rich test cases which ensure pretty good coverage in terms of security testing while the UI is user friendly and intuitive."
"The solution offers services in a few specific development languages."
"The solution is easy to install. I would rate the product's setup between six to seven out of ten. The deployment time depends on the applications that need to be scanned. We have a development and operations team to take care of the product's maintenance."
"It offers reports on a great many more file types than the other analysis solutions we have. It can give us a more in-depth analysis and better reporting on a larger number of file types. It also gives us a more comprehensive score on a number of things as well, and that's why we're using it as a front-end filter. It gives us more information... It's valuable because of its depth of information, as well as the breadth it gives us. There aren't a lot of tools that cover all of the different file types."
"We had nothing in the environment to do such analysis, so it's been a savior in many ways."
"We have complete faith that it can do that for us, and can do it at scale."
"ReversingLabs has a large sample size."
"As far as the malware repository is concerned, it's extensive. It's a good source for finding samples, where we are unable to find them on other channels or by leveraging other sources."
"As far as static analysis information is concerned, we use most of the information that is available in order to determine whether or not we might be dealing with a malware variant. This includes information that is related to Java rules. This is also related to malware families indicated or specific malicious software variants that are labeled by name."
"As far as the availability of the content is generally concerned and the number of malicious programs that can be looked up in the repository, these are very extensive."
"The automated static analysis of malware is the most valuable feature. Its detection abilities are very good. It hits all of the different platforms out there, platforms that see the items in the wild."
 

Cons

"Currently, we are satisfied with AppScan but I am sure there are better alternatives available because this is a very old product."
"​IBM Security AppScan Source is rather hard to use​."
"We would like to integrate with some of the other reporting tools that we're planning to use in the future."
"Visibility is an issue for us. Our partners were not even aware that we had an integration with AppSense."
"They could incorporate AI to enhance vulnerability detection and improve the product's reporting capabilities."
"There are so many lines of code with so many different categories that I am likely to get lost. ​"
"HCL AppScan needs to improve security."
"I think being able to search across more containers, especially some of the docker elements. We need a little tighter integration there. That's the only thing I can see at this point."
"The product support could be better at times. Sometimes, the resources that they provide could be of higher quality."
"While the company is very helpful, it would be very much appreciated to have extensive proof of concept scripts for the different APIs available, though not for all the APIs that we have purchased. Respective scripts are available, but those scripts which are available are typically not of very high quality."
"We would really like further integration with our threat intelligence platform, which is called ThreatConnect. We would also really like further integrations with an endpoint protection product we use called Tanium. The reason I mentioned both of these is that ReversingLabs claims to have extensive integrations with both of them, but they did not work for us."
"I would like to see if we could do a little bit more of bulk uploading of hash sets. Right now, I can only do them individually."
"The solution needs to improve integrations."
 

Pricing and Cost Advice

"The product is moderately priced, though it's an investment due to extensive code analysis needs."
"The tool was expensive."
"With the features, that they offer, and the support, they offer, AppScan pricing is on a higher level."
"The solution is cheap."
"Pricing was the main reason that we went ahead with this solution as they were the lowest in the market."
"I would rate the product's pricing a nine out of ten. The product's pricing is expensive compared to the features that they offer."
"HCL AppScan is expensive."
"AppScan is a little bit expensive. IBM needs to work a little bit on the pricing model, decreasing the license cost."
"We have a yearly contract based on the number of queries and malicious programs which can be processed."
"Currently, the license number of lookups that we purchased has not been reached yet, because the integration has only recently been completed. However, our usage is expected and planned to increase over the next couple of months."
report
Use our free recommendation engine to learn which Application Security Tools solutions are best for your needs.
902,988 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Financial Services Firm
11%
Manufacturing Company
9%
Government
9%
Computer Software Company
8%
Construction Company
16%
Financial Services Firm
12%
Computer Software Company
8%
Manufacturing Company
7%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
By reviewers
Company SizeCount
Small Business14
Midsize Enterprise6
Large Enterprise31
No data available
 

Questions from the Community

What needs improvement with HCL AppScan?
During the learning curve of onboarding HCL AppScan, we learned that HCL has altered the portfolio and now offers HCL AppScan 360, which has a much better look and feel with an improved user interf...
What is your primary use case for HCL AppScan?
I'm currently working with BigFix and HCL AppScan. At least three people in my company are using HCL AppScan. Since we are a reseller, we run it in both lab environments and live production applica...
What is your experience regarding pricing and costs for HCL AppScan?
AppScan is considered more cost-effective than Veracode, although I have not updated the exact pricing details. Companies often choose based on budget constraints, with Veracode being on the higher...
Ask a question
Earn 20 points
 

Comparisons

 

Also Known As

IBM Security AppScan, Rational AppScan, AppScan
ReversingLabs Titanium, ReversingLabs secure.software
 

Overview

 

Sample Customers

Essex Technology Group Inc., Cisco, West Virginia University, APIS IT
Financial services, healthcare, government, manufacturing, oil & gas, telecommunications, information technology
Find out what your peers are saying about HCL AppScan vs. ReversingLabs and other solutions. Updated: June 2026.
902,988 professionals have used our research since 2012.