HCL AppScan Primary Use Case
MukeshSaha
Associate Principal, Software Engineering at LTI - Larsen & Toubro Infotech
The primary use case for AppScan is for security purposes. I compare AppScan with other tools such as Veracode. We use AppScan for vulnerability detection and auto-remediation of vulnerabilities with features built into the tool, including their AI solutions. I work with AppScan and other security tools as part of my role, focusing on market-leading tools.
We use AppScan primarily for security testing and performance monitoring across our systems.
HCL AppScan is a security scanning tool that we use in our company to scan our applications.
Buyer's Guide
HCL AppScan
June 2025

Learn what your peers think about HCL AppScan. Get advice and tips from experienced pros sharing their opinions. Updated: June 2025.
860,632 professionals have used our research since 2012.
We use the product for Static Application Security Testing (SAST) and Dynamic Application Security Testing (DAST). By integrating AppScan into our CI/CD pipelines, aligned with Agile methodologies, we ensure that security testing becomes an integral part of the software development lifecycle.
CRISTIANO VIEIRA SILVA
Mechanical maintenance technician at SAQ
I mainly use AppScan to secure various types of applications. I use its DAFDAT solution for black box scanning, as well as SaaS and source code validation. AppScan helps in scanning code for vulnerabilities, including open-source code.
I use HCL AppScan in my company for application security scanning.
The solution is used for the vulnerabilities scan on the network side.
Ramy Ragab
Head of Data Link at Telecom Egypt
We use it for evaluating the application's code on web pages and previously published applications to identify vulnerabilities. It helps us to see how the code is written and how hard it is to find vulnerabilities. It's a useful tool for our purposes.
Pratiksha Doshi
Director at KPMG
This is primarily an application security testing solution.
HCL AppScan is primarily used to improve application security. We are transitioning from DevOps to DevSecOps.
We are attempting to integrate these tools into our CICD pipeline in order to meet our business use cases. And if we notice that the tool is missing any business features or a feature, we will highlight them and work to have them fixed or implemented. That is how we go about it. We don't go for any generic features because that will be handled by the product team. We are here to identify our gaps and then have them implemented by the vendor team.
AppScan is only used for web scanning; we do not use it for anything else.
I used the solution to find vulnerabilities in our website and system. I did some regular checkups.
Jeon Hyunguk
Security Engineer at KEPCO KDN
I use the tool to find system information for penetration testing and ethical hacking.
Jagadeesh B
Solutions Architect at IBM
We primarily use the solution for static scans as well as dynamic scans to check for vulnerabilities.
We use HCL AppScan products to help us scan for vulnerabilities and generate reports to provide a foundation on how to fix any issues. Their 4.7 version facilitates machine learning to help us select APIs and customize our scans more specifically. We also use the HCL AppScan Standard Enterprise Source and Cloud for scanning, and we plan to add the HCL AppScan Switch Casing to our toolkit. This makes it easier for us to scan the internet and use Tenable to help us find any issues.
We use the solution to test our web applications and services.
I have a set project, and I'm writing an application for monitoring server status, and I tried several times to scan it with AppScan in order to understand if there are vulnerabilities in my code.
We primarily use the solution for static analysis.
I use it for my customers.
HCL AppScan efficiently scans through the website and identifies vulnerabilities for AWS. It is reducing tools day by day, making it more efficient.
CRISTIANO VIEIRA SILVA
Mechanical maintenance technician at SAQ
I use the tool to scan the web interface.
I mainly use AppScan for vulnerability scanning and database bridging.
We perform more dynamic scanning using AppScan. We set up a scan, perform it and get the results, and then give the results back to our customer.
Within our organization, there are four members of the team who are using it.
Currently, we are satisfied with AppScan, but I am sure there are better alternatives available because this is a very old product. It's been on the market for more than ten years now. I am sure there are a lot of new age products that are more scalable and cloud-based. Although we are using it and will probably continue to do so moving forward, I think there are better alternatives on the market now.
Jamal Uddin Shaikh
Cybersecurity Architecture and Technology Lead at a tech company with 51-200 employees
The primary use case is to detect time-based Blind SQL Injection attacks, as well as Error-Based Injection attacks. The SQL injection attack is my favorite and I have more expertise in this vulnerability.
Sungmin Chun
Chief researcher at INSEC Security
External and internal web application vulnerability scan.
Our clients use it to try to find errors in base code, and also to find how solutions work together.
I believe they have on-premise usage; they are local government, so they are not very used to using the cloud.
It is an application for security assessment or scanning for static environments.
With all customers, it is performing well.
We integrate AppSense with Fortinet FortiGate Next-Generation Firewall products. This integration is new for us, but so far, we have had good results. However, it is a new integration.
Fortinet has a lot of potential and integrations going on with IBM: QRadar, AppSense, and IBM Cloud.
We use it for all website development and web-based applications, as part of our development test cycle and QA.
We also routinely use it on existing applications in production because, in terms of security and vulnerabilities, some of the latter exist on some of the platforms that we run. So we run it from time to time, to do some security checks, etc.
It is used as a last check before moving code to production. Therefore, it is used as a developer tool.
We develop software, and the software is property of our clients. So we want to ensure the highest quality possible, and assist the financial side. We want the application to be as secure as possible. AppScan has helped us to identify a lot of issues; we can find them before they reach a new environment. We catch them, we fix them, and we can offer a higher quality product to our clients.
We test on cloud.
In terms of the transition process from on-prem solutions, it was not so hard because we've been IBM partners for eight years. From the beginning, we started developing on those platforms. So it was a natural migration; we were "born" with those applications on those platforms.
TimHill
Director For Security Products at a manufacturing company with 10,001+ employees
We use it prior to product releases. The web scan portion is used to find vulnerabilities, for example, if we have opened up any ports that we should not have. The source scan is used to look for similar types of vulnerabilities. However, at the source code level, it is scanning the source code, whereas the web scan is hitting ports trying to overload it. Thus, we use both of these types of scans before every product release of several of our products.
We have it installed on-premise, although we have a guy who is looking at the cloud version.
Our use case is that we always test our applications with AppScan before going to the production side. We have been using it for many years. It's honestly one of the best products in the application security portfolio.
We aren't using it on the cloud.
We use IBM AppScan for a dynamic assessment of development of our code, so we're looking for something that will actually help us through our entire security development lifecycle.
It has performed better than we expected. We were able to use it quite often, use the server IDE to help test our code before we go into a full test. And it's helped point out some things we had to correct.
We're using it on the cloud. That particular solution we've been using on the cloud because it's a cloud instance, so the transition from going from one to the other wasn't there because we already had our cloud. We were able to use it because we had nothing else there. It helped fill a need that we really had.
It is used for a DevOps environment, to perform a security profile, a code profile assessment. When you are building your software code, before finishing the build process and deploying to production, we run AppScan to figure out any security vulnerabilities in the code. It's called static analysis of the code.
We use it as a security testing application.