We performed a comparison between HCL AppScan and Veracode based on real PeerSpot user reviews.
Find out in this report how the two Application Security Tools solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."This is a stable solution."
"The solution offers services in a few specific development languages."
"It comes with all of the templates that we need. For example, we are a company that is regulated by PCI. In order to be PCI compliant, we have a lot of checks and procedures to which we have to comply."
"It was easy to set up."
"AppScan is stable."
"For me, as a manager, it was the ease of use. Inserting security into the development process is not normally an easy project to do. The ability for the developer to actually use it and get results and focuses, that's what counted."
"Compared to other tools only AppScan supports special language."
"The HCL AppScan turnaround time for Burp Suite or any new feature request is pretty good, and that is why we are sticking with the HCL."
"The static scan is the most valuable feature."
"The most important feature is the static scanning analysis, and the reason is that it can tell us vulnerability in that code, right before we go ahead and push something to production or provide something to a client... Dynamic scanning actually hits our Web applications, to try to detect any well known Web application vulnerabilities as well."
"Veracode's integration with our continuous integration solution is what I've found to be the most valuable feature. It is easy to connect the two and to run scans in an automated way without needing as much manual intervention."
"One thing we like is the secret detection feature. It has helped us to discover keys stored in our settings file as a TXT document. We can address that vulnerability by using encryption. We can even scan Docker images for vulnerabilities. Static analysis is another good feature of Veracode because we can run a security scan during development to identify the vulnerabilities."
"In terms of application security best practices and guidance to our teams, their engineering staff is really excellent. They provide our developers with suggestions and they take those to heart. They've learned from the recommended remediation strategies provided by the Veracode security engineers. That makes all of their future code better."
"The main feature that I have found valuable is the solution's ability to find issues in static analysis. Additionally, there are plenty of useful tools."
"When we expanded our definition of critical systems to include an internal application to be scanned by Veracode, we had initial scans that produced hundreds of vulnerabilities. We expected this, based on how the code was treated previously, but the Veracode platform allowed us to streamline our identification of these items and develop a game plan to quickly address them."
"What I found most valuable in Veracode Static Analysis is that it categorizes security vulnerabilities."
"It has crashed at times."
"The penetration testing feature should be included."
"A desktop version should be added."
"The dashboard, for AppScan or the Fortified fast tool, which we use needs to be improved."
"The product has some technical limitations."
"There is not a central management for static and dynamic."
"One thing which I think can be improved is the CI/CD Integration"
"Scans become slow on large websites."
"Veracode is costly, and there is potential for improvement in its pricing."
"Veracode should provide more flexibility in its pricing and licensing modules so that it could be more affordable for all types of projects and not only for very active mission-critical projects."
"If Veracode was more diversified, as far as the number of platforms and the number of applications it could do in our favor, we would be using it even more. But there are a number of platforms it doesn't support. For example, I know they support C+, .NET, and Java, but there are certain platforms they don't support and that was disappointing."
"When we scan binary, when we perform binary analysis, it could go faster. That has a lot to do with the essence of scanning binary code, it takes a little bit longer. Certain aspects, depending on what type of code it is, take a little long, especially legacy code."
"There is also a size limit of 100 MB so we cannot upload files that are larger than that. That could be improved. Also, the duration of the scan is a bit too long."
"It will be beneficial for developers if Veracode Greenlight includes Python."
"Veracode should include the feature to run multiple scales at a time."
"In the next release, I would like a proper way of packaging files for scanning and the packing of IOS apps and API Dynamic scan methodology."
HCL AppScan is ranked 14th in Application Security Tools with 39 reviews while Veracode is ranked 2nd in Application Security Tools with 193 reviews. HCL AppScan is rated 7.6, while Veracode is rated 8.2. The top reviewer of HCL AppScan writes " A stable and scalable product useful for application security scanning". On the other hand, the top reviewer of Veracode writes "Helps to reduce false positives and prevent vulnerable code from entering production, but does not support incremental scanning ". HCL AppScan is most compared with SonarQube, Acunetix, Checkmarx One, PortSwigger Burp Suite Professional and OWASP Zap, whereas Veracode is most compared with SonarQube, Checkmarx One, Snyk, Fortify on Demand and Mend.io. See our HCL AppScan vs. Veracode report.
See our list of best Application Security Tools vendors and best Application Security Testing (AST) vendors.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.