Try our new research platform with insights from 80,000+ expert users

HCL AppScan vs Tenable.io Web Application Scanning comparison

 

Comparison Buyer's Guide

Executive SummaryUpdated on Oct 8, 2024

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

HCL AppScan
Ranking in Application Security Tools
15th
Average Rating
7.8
Reviews Sentiment
6.1
Number of Reviews
43
Ranking in other categories
Static Application Security Testing (SAST) (15th), Dynamic Application Security Testing (DAST) (1st)
Tenable.io Web Application ...
Ranking in Application Security Tools
19th
Average Rating
7.8
Reviews Sentiment
6.7
Number of Reviews
17
Ranking in other categories
No ranking in other categories
 

Mindshare comparison

As of July 2025, in the Application Security Tools category, the mindshare of HCL AppScan is 2.7%, up from 2.7% compared to the previous year. The mindshare of Tenable.io Web Application Scanning is 1.3%, down from 1.5% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Application Security Tools
 

Featured Reviews

Sthembiso Zondi - PeerSpot reviewer
Has a straightforward setup process and valuable security features
We use AppScan primarily for security testing and performance monitoring across our systems The product's features for comprehensive code analysis (static) and live environment testing (dynamic) have significantly enhanced our ability to identify and address vulnerabilities, improving overall…
Harshal Deshmukh - PeerSpot reviewer
Simple tool to use, good dashboard capabilities and offers asset criticality ratings
It has good dashboard capabilities and gives good results with priority ratings, asset criticality ratings, and exposure scores for vulnerabilities. It also provides automated web application scanning, which customers appreciate because it doesn't disturb the web application or hamper the business. While testing the web application, sometimes it happens that the website or application goes down. But with Tenable.io Web Application Scanning, it doesn't affect the business. It has good unified web application scanning and exposure management.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"It was easy to set up."
"It's generally a very user-friendly tool. Anyone can easily learn how to scan"
"Technical support is helpful."
"It provides a better integration for our ecosystem."
"AppScan's most valuable features include its ability to identify vulnerabilities accurately, provide detailed remediation steps, and the newly introduced AI-powered features that enhance its functionality further."
"It is a stable solution...It is a scalable solution...The initial setup or installation of HCL AppScan is easy."
"The static scans are good, and the SaaS as well."
"AppScan's most valuable features include its ability to identify vulnerabilities accurately, provide detailed remediation steps, and the newly introduced AI-powered features that enhance its functionality further."
"It collects the vulnerabilities on the hostnames and sends them to the Tenable.io cloud. Tenable has its own cloud where Tenable.io is running, but there are many connectors to other cloud solutions. Tenable can do vulnerability scanning for other cloud managers such as Azure, Amazon, and so on."
"I would recommend Tenable.io Web Application Scanning to others."
"The solution's instant reports feature is the most effective for detecting threats."
"The most valuable features of Tenable.io Web Application Scanning are the integration into specific use cases and scanning. All of the features of the solution are useful."
"Our customers adopt this solution because of the replication testing and the vulnerability assessment it can do. It is a multi-faceted product."
"It has good unified web application scanning and exposure management."
"Tenable.io Web Application Scanning provides a detailed report, identifying functions that are complex and need to be more maintainable and readable."
"Now that the license is centralized, it's a significant feature to manipulate assets based on their functions."
 

Cons

"The product has some technical limitations."
"I think being able to search across more containers, especially some of the docker elements. We need a little tighter integration there. That's the only thing I can see at this point."
"Improving usability could enhance the overall experience with AppScan. It would be beneficial to make the solution more user-friendly, ensuring that everyone can easily navigate and utilize its features."
"AppScan is too complicated and should be made more user-friendly."
"In future releases, I would like to see more aggressive reports. I would also like to see less false positives."
"They could incorporate AI to enhance vulnerability detection and improve the product's reporting capabilities."
"Improvement can be done as per customer requirements."
"Many silly false positives are produced."
"The report customization needs to be better."
"The technical support needs improvement. Currently, it takes time, which might be due to the free version, but providing some level of support could encourage future purchase decisions."
"The technical support should be improved. Currently, some attacks are detected while others are not."
"The reporting has a very limited customization capability."
"The cloud and the on-premises versions have their own controllers, and there is no way to centrally manage controllers."
"Tenable.io Web Application Scanning could improve by offering faster fuzzing."
"Sometimes it lags with different cloud environments."
"They have a general dashboard for web application scanning, but the dashboards and reporting can be improved. They probably have some features in their roadmap."
 

Pricing and Cost Advice

"The product is moderately priced, though it's an investment due to extensive code analysis needs."
"With the features, that they offer, and the support, they offer, AppScan pricing is on a higher level."
"Our clients are willing to pay the extra money. It is expensive."
"The solution is cheap."
"Pricing was the main reason that we went ahead with this solution as they were the lowest in the market."
"AppScan is a little bit expensive. IBM needs to work a little bit on the pricing model, decreasing the license cost."
"The product has premium pricing and could be more competitive."
"The price of HCL AppScan is okay, in my opinion. You just buy HCL AppScan and don't pay anything anymore, meaning it is just a one-time purchase."
"It follows the same licensing scheme as Tenable.io and Tenable. sc."
"For Tenable.io Web Application Scanning, it comes to around 6,50,000 Indian rupees, plus taxes."
"The pricing is okay."
"The price of the solution is reasonable compared to the competitors. The license cost is based on the number of users and the annual usage."
"Tenable.io Web Application Scanning is expensive for small businesses."
"The application is extremely affordable. There are no additional costs involved with licensing. We switched to Tenable.io Web Application Scanning from other solutions due to pricing."
"I rate the product's pricing a four out of ten."
report
Use our free recommendation engine to learn which Application Security Tools solutions are best for your needs.
861,170 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Computer Software Company
18%
Financial Services Firm
14%
Government
11%
Manufacturing Company
9%
Financial Services Firm
14%
Computer Software Company
12%
Government
11%
Retailer
8%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
 

Questions from the Community

What do you like most about HCL AppScan?
The most valuable feature of HCL AppScan is its integration with the SDLC, particularly during the coding phase.
What needs improvement with HCL AppScan?
AppScan needs to improve its handling of false positives. It also requires enhancements in customer support, similar to what Veracode provides. Regularly scheduling calls with clients to discuss fe...
What is your primary use case for HCL AppScan?
The primary use case for AppScan is for security purposes. I compare AppScan with other tools such as Veracode. We use AppScan for vulnerability detection and auto-remediation of vulnerabilities wi...
What do you like most about Tenable.io Web Application Scanning?
The most effective feature of the product is the ability to scan the entire environment.
What needs improvement with Tenable.io Web Application Scanning?
Improvements could include providing coverage reports in the free version and features related to security reports. Also, enhancing technical support would be beneficial as there is room for improv...
What advice do you have for others considering Tenable.io Web Application Scanning?
I would recommend Tenable.io Web Application Scanning as it provides us with good reports, which help improve our code base, despite the lack of financial benefits. Overall, I would rate it seven o...
 

Also Known As

IBM Security AppScan, Rational AppScan, AppScan
No data available
 

Overview

 

Sample Customers

Essex Technology Group Inc., Cisco, West Virginia University, APIS IT
IMDEX
Find out what your peers are saying about HCL AppScan vs. Tenable.io Web Application Scanning and other solutions. Updated: July 2025.
861,170 professionals have used our research since 2012.