Try our new research platform with insights from 80,000+ expert users

HCL AppScan vs Tenable.io Web Application Scanning comparison

 

Comparison Buyer's Guide

Executive SummaryUpdated on Oct 8, 2024

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

HCL AppScan
Ranking in Application Security Tools
15th
Average Rating
7.8
Reviews Sentiment
6.1
Number of Reviews
43
Ranking in other categories
Static Application Security Testing (SAST) (15th), Dynamic Application Security Testing (DAST) (1st)
Tenable.io Web Application ...
Ranking in Application Security Tools
19th
Average Rating
7.8
Reviews Sentiment
6.7
Number of Reviews
17
Ranking in other categories
No ranking in other categories
 

Mindshare comparison

As of July 2025, in the Application Security Tools category, the mindshare of HCL AppScan is 2.7%, up from 2.7% compared to the previous year. The mindshare of Tenable.io Web Application Scanning is 1.3%, down from 1.5% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Application Security Tools
 

Featured Reviews

Sthembiso Zondi - PeerSpot reviewer
Has a straightforward setup process and valuable security features
We use AppScan primarily for security testing and performance monitoring across our systems The product's features for comprehensive code analysis (static) and live environment testing (dynamic) have significantly enhanced our ability to identify and address vulnerabilities, improving overall…
Harshal Deshmukh - PeerSpot reviewer
Simple tool to use, good dashboard capabilities and offers asset criticality ratings
It has good dashboard capabilities and gives good results with priority ratings, asset criticality ratings, and exposure scores for vulnerabilities. It also provides automated web application scanning, which customers appreciate because it doesn't disturb the web application or hamper the business. While testing the web application, sometimes it happens that the website or application goes down. But with Tenable.io Web Application Scanning, it doesn't affect the business. It has good unified web application scanning and exposure management.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"IBM AppScan has made our work easy, as we can do four to five scans of websites at a time, which saves time when it comes to vulnerability."
"It identifies all the URLs and domains on its own and then performs tests and provides the results."
"The product has valuable features for static and dynamic testing."
"AppScan is stable."
"For me, as a manager, it was the ease of use. Inserting security into the development process is not normally an easy project to do. The ability for the developer to actually use it and get results and focuses, that's what counted."
"This solution saves us time due to the low number of false positives detected."
"The HCL AppScan turnaround time for Burp Suite or any new feature request is pretty good, and that is why we are sticking with the HCL."
"It was easy to set up."
"The most valuable feature is the reporting, which provides a good level of detail with respect to vulnerabilities."
"Tenable provides the end analysis results covering all the published vulnerabilities and information on the market."
"It has good unified web application scanning and exposure management."
"Tenable.io Web Application Scanning is very easy to use."
"The most valuable features of Tenable.io Web Application Scanning are the integration into specific use cases and scanning. All of the features of the solution are useful."
"Our customers adopt this solution because of the replication testing and the vulnerability assessment it can do. It is a multi-faceted product."
"The solution is stable."
"All the features are valuable to us as they offer cutting-edge scanning methods and address the latest issues with a contemporary approach. Tenable.io Web Application Scanning is highly stable. I rate it a nine out ten. Since the solution works on the Cloud, it's highly scalable. I rate the scalability a nine out of ten. The setup of the solution is straightforward. The Return on Investment is substantial. I recommend the solution to all."
 

Cons

"​IBM Security AppScan Source is rather hard to use​."
"AppScan needs to improve its handling of false positives."
"Improving usability could enhance the overall experience with AppScan. It would be beneficial to make the solution more user-friendly, ensuring that everyone can easily navigate and utilize its features."
"Visibility is an issue for us. Our partners do not know we have integrations with some of IBM products."
"I would like to see the roadmap for this product. We are still waiting to see it as we have only so many resources."
"AppScan needs to improve its handling of false positives."
"The databases for HCL are small and have room for improvement."
"The penetration testing feature should be included."
"I would like for them to add proxy filtering, where you can transfer and alter the package. It is fully automated. Other web application testers programs are actually proxy software, and the proxy software gives you the flexibility of modifying the outgoing package, which will actually help you in exploiting any vulnerability in detail."
"The technical support needs improvement. Currently, it takes time, which might be due to the free version, but providing some level of support could encourage future purchase decisions."
"The cloud and the on-premises versions have their own controllers, and there is no way to centrally manage controllers."
"They have a general dashboard for web application scanning, but the dashboards and reporting can be improved. They probably have some features in their roadmap."
"Tenable.io Web Application Scanning could improve by offering faster fuzzing."
"The reporting has a very limited customization capability."
"The platform's technical support services could be better."
"The market is standard for vulnerability scanning, however, the posture can be improved through Tenable's prioritization engine."
 

Pricing and Cost Advice

"The price is very expensive."
"Pricing was the main reason that we went ahead with this solution as they were the lowest in the market."
"The price of HCL AppScan is okay, in my opinion. You just buy HCL AppScan and don't pay anything anymore, meaning it is just a one-time purchase."
"The product is moderately priced, though it's an investment due to extensive code analysis needs."
"The tool was expensive."
"The solution is moderately priced."
"The product has premium pricing and could be more competitive."
"HCL AppScan is expensive."
"For Tenable.io Web Application Scanning, it comes to around 6,50,000 Indian rupees, plus taxes."
"Tenable.io Web Application Scanning is expensive for small businesses."
"The application is extremely affordable. There are no additional costs involved with licensing. We switched to Tenable.io Web Application Scanning from other solutions due to pricing."
"The price of the solution is reasonable compared to the competitors. The license cost is based on the number of users and the annual usage."
"The pricing is okay."
"I rate the product's pricing a four out of ten."
"It follows the same licensing scheme as Tenable.io and Tenable. sc."
report
Use our free recommendation engine to learn which Application Security Tools solutions are best for your needs.
861,390 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Computer Software Company
18%
Financial Services Firm
14%
Government
11%
Manufacturing Company
9%
Financial Services Firm
15%
Computer Software Company
12%
Government
12%
Retailer
8%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
 

Questions from the Community

What do you like most about HCL AppScan?
The most valuable feature of HCL AppScan is its integration with the SDLC, particularly during the coding phase.
What needs improvement with HCL AppScan?
AppScan needs to improve its handling of false positives. It also requires enhancements in customer support, similar to what Veracode provides. Regularly scheduling calls with clients to discuss fe...
What is your primary use case for HCL AppScan?
The primary use case for AppScan is for security purposes. I compare AppScan with other tools such as Veracode. We use AppScan for vulnerability detection and auto-remediation of vulnerabilities wi...
What do you like most about Tenable.io Web Application Scanning?
The most effective feature of the product is the ability to scan the entire environment.
What needs improvement with Tenable.io Web Application Scanning?
Improvements could include providing coverage reports in the free version and features related to security reports. Also, enhancing technical support would be beneficial as there is room for improv...
What advice do you have for others considering Tenable.io Web Application Scanning?
I would recommend Tenable.io Web Application Scanning as it provides us with good reports, which help improve our code base, despite the lack of financial benefits. Overall, I would rate it seven o...
 

Also Known As

IBM Security AppScan, Rational AppScan, AppScan
No data available
 

Overview

 

Sample Customers

Essex Technology Group Inc., Cisco, West Virginia University, APIS IT
IMDEX
Find out what your peers are saying about HCL AppScan vs. Tenable.io Web Application Scanning and other solutions. Updated: July 2025.
861,390 professionals have used our research since 2012.