Try our new research platform with insights from 80,000+ expert users
HCL AppScan Logo

HCL AppScan Reviews

Vendor: HCLSoftware
3.9 out of 5
Badge Ranked 1
1,659 followers
Start review

What is HCL AppScan?

IBM Security AppScan enhances web application security and mobile application security, improves application security program management and strengthens regulatory compliance. By scanning your web and mobile applications prior to deployment, AppScan enables you to identify security vulnerabilities and generate reports and fix recommendations.

Get the HCL AppScan Buyer's Guide and find out what your peers are saying about HCL AppScan, SonarQube Server (formerly SonarQube), GitLab and more!
HCL AppScan is the #1 ranked solution in top Dynamic Application Security Testing (DAST) solutions, #12 ranked solution in AST tools, and #14 ranked solution in application security solutions. PeerSpot users give HCL AppScan an average rating of 7.8 out of 10. HCL AppScan is most commonly compared to SonarQube Server (formerly SonarQube): HCL AppScan vs SonarQube Server (formerly SonarQube). HCL AppScan is popular among the large enterprise segment, accounting for 67% of users researching this solution on PeerSpot. The top industry researching this solution are professionals from a computer software company, accounting for 18% of all views.
Buyer's Guide
HCL AppScan
May 2025
Get the report
Helped 851,491 peers since 2012

Featured HCL AppScan reviews

Read more reviews

HCL AppScan mindshare

Product category:
Application Security Tools
As of May 2025, the mindshare of HCL AppScan in the Application Security Tools category stands at 2.7%, up from 2.6% compared to the previous year, according to calculations based on PeerSpot user engagement data.
Application Security Tools

PeerResearch reports based on HCL AppScan reviews

TypeTitleDate
CategoryApplication Security ToolsMay 18, 2025Download
ProductReviews, tips, and advice from real usersMay 18, 2025Download
ComparisonHCL AppScan vs SonarQube Server (formerly SonarQube)May 18, 2025Download
ComparisonHCL AppScan vs VeracodeMay 18, 2025Download
ComparisonHCL AppScan vs Checkmarx OneMay 18, 2025Download
Suggested products
TitleRatingMindshareRecommending
SonarQube Server (formerly SonarQube)4.024.5%81%114 interviewsAdd to research
GitLab4.32.9%97%84 interviewsAdd to research
 
 
Key learnings from peers

Valuable Features

HCL AppScan offers valuable features such as PCI compliance templates, ease of use, rapid code scanning, extensive vulnerability detection, effective static and dynamic testing, multilingual support, custom rules, low false-positive rate, and intuitive user interface. Users appreciate its scalability, security practices enforcement, API capabilities, integration with SDLC, AI-powered enhancements, QR code scanning, and ability to handle sensitive data protection.
  • "AppScan's most valuable features include its ability to identify vulnerabilities accurately, provide detailed remediation steps, and the newly introduced AI-powered features that enhance its functionality further."
  • "AppScan's most valuable features include its ability to identify vulnerabilities accurately, provide detailed remediation steps, and the newly introduced AI-powered features that enhance its functionality further."
  • "The platform has valuable security features, helping us identify sensitive code issues and the possibility of internal applications' exposure to external threats."

Room for Improvement

HCL AppScan's areas for enhancement include better false positive management, integration with other tools, and extended mobile support. Users indicate improved performance is needed, especially with large scans. The system's usability and dashboard interface require refinement. More extensive language and AI integration, alongside fortified security measures, are necessary. Expanding database size and improving technical support are noted. Users also seek better pricing models and automation alerts. Enhancements in CI/CD integration and support for containers are desired.
  • "AppScan needs to improve its handling of false positives."
  • "AppScan needs to improve its handling of false positives."
  • "They could incorporate AI to enhance vulnerability detection and improve the product's reporting capabilities."

ROI

Organizations reported a 50 percent return from HCL AppScan. In Brazil, users witnessed a 20 percent cost reduction. It enhances microservices-led architecture by minimizing errors and defects, integrating DevOps and IT pipelines, and improving application security post-deployment. Many banks benefited from cost savings and observed returns within six months. Some users could not provide financial insights.

Pricing

Enterprise users perceive HCL AppScan's pricing as generally expensive, though some find it cost-effective compared to competitors like Veracode. Users appreciate the one-time purchase option without ongoing license fees, while others utilize a token-based system and find it convenient for scanning needs. Discounts are occasionally available, but many users suggest pricing could be more competitive. Overall, costs reflect the premium features offered, and clients are often willing to invest for its encryption security scanning capabilities.
  • "The product is moderately priced, though it's an investment due to extensive code analysis needs."
  • "The solution is cheap."
  • "The product has premium pricing and could be more competitive."

Popular Use Cases

The primary use case of HCL AppScan involves ensuring application security through static and dynamic analysis, vulnerability detection, and security assessment. Many use it for DevOps and DevSecOps environments, integrating it into CI/CD pipelines. It supports scanning web interfaces and applications both on-premise and in cloud settings. Users highlight its ability to detect issues like SQL injections and perform security testing as part of the development and quality assurance processes.

Service and Support

HCL AppScan's customer service is mostly responsive, fast, and knowledgeable. Users report satisfaction with transitions and operational responses. However, some express a need for more regional support, particularly in the Gulf. While some praise is given for helpfulness and user-friendliness, there are mentions of delays due to time differences and criticisms of declining service quality since changing from IBM. Comparisons indicate Veracode may deliver superior assistance and regular communication.

Deployment

Many find HCL AppScan's initial setup straightforward, describing it as easy and quick, typically taking one to two days. Some experience complexity, especially with integration and large clients. Users actively engage professional services for customization. Feedback highlights the simplicity of cloud deployment, although certain setups require experienced personnel. Setup ratings range from six to ten out of ten, with deployment duration varying based on specific requirements and integrations.

Scalability

Users generally find HCL AppScan's scalability to be favorable with some exceptions. Many report seamless scaling capabilities, particularly in cloud-based scenarios, attributing ease in adaptation and expansion to program design and hardware allocation. However, others indicate limitations, like license restrictions and initial setup challenges. Test experiences vary, with some organizations noting efficient scaling across environments, while others suggest adjustments in infrastructure to meet larger-scale requirements. Overall user feedback leans towards a positive view of scalability.

Stability

HCL AppScan is consistently stable, with most users experiencing no issues. Some note minor glitches, often attributed to hardware rather than the application itself. Ratings often range from seven to eight out of ten. Users highlight strong reliability, reporting that it handles heavy workloads effectively. Only small stability concerns are mentioned during intense scanning or with older versions, but recent updates seem to have resolved these. Stability is enhanced when proper resources are utilized.
These insights are based on the in-depth reviews provided by peers to help you make a better buying decision.
Download our HCL AppScan Buyer's Guide for additional reliable information.

Review data by company size

By reviewers
By visitors reading reviews

Top industries

By visitors reading reviews
Computer Software Company
18%
Financial Services Firm
14%
Government
12%
Manufacturing Company
9%
Healthcare Company
4%
University
4%
Energy/Utilities Company
3%
Insurance Company
3%
Retailer
3%
Comms Service Provider
3%
Real Estate/Law Firm
3%
Educational Organization
3%
Performing Arts
2%
Media Company
2%
Construction Company
2%
Non Profit
2%
Hospitality Company
2%
Pharma/Biotech Company
1%
Transportation Company
1%
Outsourcing Company
1%
Consumer Goods Company
1%
Wholesaler/Distributor
1%
Recreational Facilities/Services Company
1%
Legal Firm
1%
Aerospace/Defense Firm
1%
Recruiting/Hr Firm
1%
Sports Company
1%

Compare HCL AppScan with alternative products

Go!

Learn more about HCL AppScan

HCL AppScan was previously known as IBM Security AppScan, Rational AppScan, AppScan.

HCL AppScan customers

Essex Technology Group Inc., Cisco, West Virginia University, APIS IT

Related questions

  • 32
Difference between IBM Appscan and HP fortify software
  • 17
Which solution do you prefer: Fortify WebInspect or HCL AppScan?
  • 596
If you had to both encrypt and compress data during transmission, which would you do first and why?
  • 31
When evaluating Application Security, what aspect do you think is the most important to look for?
  • 90
What are the Top 5 cybersecurity trends in 2022?
  • 111
What are the threats associated with using ‘bogus’ cybersecurity tools?
  • 38
We're evaluating Tripwire, what else should we consider?
  • 11
Which application security solutions include both vulnerability scans and quality checks?
  • 1,386
Is SonarQube the best tool for static analysis?
  • 20
Why Do I Need Application Security Software?

Product Categories

Product Categories
Application Security Tools
Static Application Security Testing (SAST)
Dynamic Application Security Testing (DAST)

Popular Comparisons

Popular Comparisons
SonarQube Server (formerly SonarQube) vs HCL AppScan Logo
SonarQube Server (formerly SonarQube) vs HCL AppScan
GitLab vs HCL AppScan Logo
GitLab vs HCL AppScan
Snyk vs HCL AppScan Logo
Snyk vs HCL AppScan
Checkmarx One vs HCL AppScan Logo
Checkmarx One vs HCL AppScan
Veracode vs HCL AppScan Logo
Veracode vs HCL AppScan
Coverity vs HCL AppScan Logo
Coverity vs HCL AppScan
Mend.io vs HCL AppScan Logo
Mend.io vs HCL AppScan
OWASP Zap vs HCL AppScan Logo
OWASP Zap vs HCL AppScan
SonarQube Cloud (formerly SonarCloud) vs HCL AppScan Logo
SonarQube Cloud (formerly SonarCloud) vs HCL AppScan
Fortify on Demand vs HCL AppScan Logo
Fortify on Demand vs HCL AppScan
GitHub Advanced Security vs HCL AppScan Logo
GitHub Advanced Security vs HCL AppScan
Sonatype Lifecycle vs HCL AppScan Logo
Sonatype Lifecycle vs HCL AppScan
Acunetix vs HCL AppScan Logo
Acunetix vs HCL AppScan
PortSwigger Burp Suite Professional vs HCL AppScan Logo
PortSwigger Burp Suite Professional vs HCL AppScan
Qualys Web Application Scanning vs HCL AppScan Logo
Qualys Web Application Scanning vs HCL AppScan
See all alternatives
 

HCL AppScan reviews

Sort by:
MS
Associate Principal, Software Engineering at LTI - Larsen & Toubro Infotech
Verified user of HCL AppScan
Nov 26, 2024
Provides great features that facilitate quick solutions to vulnerabilities but customer support needs improvement

Pros

"AppScan's most valuable features include its ability to identify vulnerabilities accurately, provide detailed remediation steps, and the newly introduced AI-powered features that enhance its functionality further. "

Cons

"AppScan needs to improve its handling of false positives."

What is our primary use case?

The primary use case for AppScan is for security purposes. I compare AppScan with other tools such as Veracode. We use AppScan for vulnerability detection and auto-remediation of vulnerabilities with features built into the tool, including their AI solutions. I work with AppScan and other security tools as part of my role, focusing on market-leading tools.

How has it helped my organization?

AppScan provides great features that facilitate quick solutions to vulnerabilities. It helps by suggesting alternative functions that can be implemented directly into the code, thus reducing the need for developers to conduct extensive searches.

*Disclosure: I am a real user, and this review is based on my own experience and opinions.
Read full review (555 words)
CV
Mechanical maintenance technician at SAQ
Verified user of HCL AppScan
May 1, 2024
Allows for scanning during code construction

Pros

"The most valuable feature of HCL AppScan is its integration with the SDLC, particularly during the coding phase. "

Cons

"Improving usability could enhance the overall experience with AppScan. It would be beneficial to make the solution more user-friendly, ensuring that everyone can easily navigate and utilize its features."

What is our primary use case?

I mainly use AppScan to secure various types of applications. I use its DAFDAT solution for black box scanning, as well as SaaS and source code validation. AppScan helps in scanning code for vulnerabilities, including open-source code.

What is most valuable?

The most valuable feature of HCL AppScan is its integration with the SDLC, particularly during the coding phase. This allows for scanning during code construction, which is beneficial. However, I also find the DAF and penetration testing features valuable, especially for discovering vulnerabilities like those in the OWASP Top Ten.

*Disclosure: I am a real user, and this review is based on my own experience and opinions.
Read full review (593 words)
Buyer's Guide
HCL AppScan
Download free report
Find out what your peers are saying about HCL AppScan. Updated May 2025
851,491 professionals have used our research since 2012.
Rishi Anupam - PeerSpot user
Senior Manager at Airtel
Verified user of HCL AppScan
May 31, 2023
A stable and scalable scanning solution with good reporting feature

Pros

"The reporting part is the most valuable feature."

Cons

"The penetration testing feature should be included."

What is our primary use case?

The solution is used for the vulnerabilities scan on the network side.

What is most valuable?

The reporting part is the most valuable feature.

*Disclosure: My company has a business relationship with this vendor other than being a customer: Reseller
Read full review (178 words)
PD
Director at KPMG
Verified user of HCL AppScan
Jul 22, 2022
Testing solution that does not integrate with other products or offer the same modern features as other solutions on the market

Pros

"This is a stable solution. "

Cons

"We have experienced challenges when trying to integrate this solution with other products. When you compare it with the other SecOps products, the quality of the output is too low. It is not a new-age product. It is very outdated."

What is our primary use case?

This is a primarily application security testing solution.

What is most valuable?

SAST is the only feature that works using the on-prem version. It's becoming very difficult for us to integrate it with the other SecOps solutions. It is a very good solution but only when using the standard version.

*Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
Read full review (510 words)
Gladwin Christian - PeerSpot user
QA manager at SmartStream Technologies ltd.
Verified user of HCL AppScan
Oct 12, 2023
A useful tool to scan applications that can be easily installed

Pros

"The most valuable feature of the solution is the scanning or security part."

Cons

"The solution's scalability can be a matter of concern because one license runs on one machine only."

What is our primary use case?

HCL AppScan is a security scanning tool that we use in our company to scan our applications.

What is most valuable?

The most valuable feature of the solution is the scanning or security part.

*Disclosure: I am a real user, and this review is based on my own experience and opinions.
Read full review (570 words)
AnshulTomar - PeerSpot user
Cyber Security Architect and Presales Consultant at Kyndryl
Verified user of HCL AppScan
Jan 21, 2024
Scalable platform with efficient static and dynamic testing features

Pros

"The product has valuable features for static and dynamic testing. "

Cons

"They could add a software component analysis tool."

What is our primary use case?

We use the product for Static Application Security Testing (SAST) and Dynamic Application Security Testing (DAST). By integrating AppScan into our CI/CD pipelines, aligned with Agile methodologies, we ensure that security testing becomes an integral part of the software development lifecycle.

What is most valuable?

The product has valuable features for static and dynamic testing. It is one of the leaders in the market amongst SAST solutions.

*Disclosure: My company has a business relationship with this vendor other than being a customer: reseller
Read full review (348 words)
AnanyaRoy - PeerSpot user
Risk Analyst at Deloitte
Verified user of HCL AppScan
Oct 3, 2023
A stable and scalable product useful for application security scanning

Pros

"It is a stable solution...It is a scalable solution...The initial setup or installation of HCL AppScan is easy."

Cons

"If HCL AppScan is able to alert the clients over email once the scan is complete, it would be great. Right now, HCL AppScan doesn't let me know if the scanning part is finished or not, because of which I have to come back and check mostly."

What is our primary use case?

I use HCL AppScan in my company for application security scanning.

What is most valuable?

The most valuable feature of the solution stems from the fact that it is good to run the scan faster. You can basically run the scan and take a break at work since the tool will compute the results, which makes the product quite intuitive. HCL AppScan doesn't require constant monitoring.

*Disclosure: I am a real user, and this review is based on my own experience and opinions.
Read full review (409 words)
RR
Head of Data Link at Telecom Egypt
Verified user of HCL AppScan
May 3, 2023
Useful tool for evaluating vulnerabilities

Pros

"The product is useful, particularly in its sensitivity and scanning capabilities."

Cons

"There is room for improvement in the pricing model. "

What is our primary use case?

We use it for evaluating the application's code on web pages and previously published applications to identify vulnerabilities. It helps us to see how the code is written and how hard it is to find vulnerabilities. It's a useful tool for our purposes.

What is most valuable?

The product is useful, particularly in its sensitivity and scanning capabilities. Additionally, it allows for investigation while the developer is writing the code. It is a more efficient process compared to other tools like App Scan.

*Disclosure: I am a real user, and this review is based on my own experience and opinions.
Read full review (314 words)