We performed a comparison between Fortify WebInspect and HCL AppScan based on real PeerSpot user reviews.
Find out in this report how the two Dynamic Application Security Testing (DAST) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."The user interface is ok and it is very simple to use."
"The solution is easy to use."
"Guided Scan option allows us to easily scan and share reports."
"The accuracy of its scans is great."
"I've found the centralized dashboard the most valuable. For the management, it helps a lot to have abilities at the central level."
"Good at scanning and finding vulnerabilities."
"When we are integrating it with SSC, we're able to scan and trace and see all of the vulnerabilities. Comparison is easy in SSC."
"The solution is able to detect a wide range of vulnerabilities. It's better at it than other products."
"It comes with all of the templates that we need. For example, we are a company that is regulated by PCI. In order to be PCI compliant, we have a lot of checks and procedures to which we have to comply."
"The UI was very intuitive."
"Technical support is helpful."
"We leverage it as a quality check against code."
"The static scans are good, and the SaaS as well."
"The security and the dashboard are the most valuable features."
"The reporting part is the most valuable feature."
"We use it as a security testing application."
"The installation could be a bit easier. Usually it's simple to use, but the installation is painful and a bit laborious and complex."
"Creating reports is very slow and it is something that should be improved."
"We have had a problem with authentification."
"It took us between eight and ten hours to scan an entire site, which is somewhat slow and something that I think can be improved."
"We have often encountered scanning errors."
"Not sufficiently compatible with some of our systems."
"The scanner could be better."
"A localized version, for example, in Korean would be a big improvement to this solution."
"The tool should improve its output. Scanning is not a challenge anymore since there are many such tools available in the market. The product needs to focus on how its output is being used by end users. It should be also more user-friendly. One of the major challenges is in the tool's integration with applications that need to be scanned. Sometimes, the scanning is not proper."
"A desktop version should be added."
"In future releases, I would like to see more aggressive reports. I would also like to see less false positives."
"One thing which I think can be improved is the CI/CD Integration"
"IBM Security AppScan Source is rather hard to use."
"The penetration testing feature should be included."
"We have experienced challenges when trying to integrate this solution with other products. When you compare it with the other SecOps products, the quality of the output is too low. It is not a new-age product. It is very outdated."
"Sometimes it doesn't work so well."
Fortify WebInspect is ranked 2nd in Dynamic Application Security Testing (DAST) with 17 reviews while HCL AppScan is ranked 1st in Dynamic Application Security Testing (DAST) with 41 reviews. Fortify WebInspect is rated 7.0, while HCL AppScan is rated 7.8. The top reviewer of Fortify WebInspect writes "A powerful tool catering to multiple use cases that provides reasonably good technical support". On the other hand, the top reviewer of HCL AppScan writes " A stable and scalable product useful for application security scanning". Fortify WebInspect is most compared with PortSwigger Burp Suite Professional, Fortify on Demand, Acunetix, OWASP Zap and Qualys Web Application Scanning, whereas HCL AppScan is most compared with SonarQube, Veracode, Acunetix, PortSwigger Burp Suite Professional and Qualys Web Application Scanning. See our Fortify WebInspect vs. HCL AppScan report.
See our list of best Dynamic Application Security Testing (DAST) vendors.
We monitor all Dynamic Application Security Testing (DAST) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.