We performed a comparison between HCL AppScan and OWASP Zap based on real PeerSpot user reviews.
Find out in this report how the two Static Application Security Testing (SAST) solutions compare in terms of features, pricing, service and support, ease of deployment, and ROI.
"The most valuable feature of the solution is the scanning or security part."
"The solution is easy to use."
"The security and the dashboard are the most valuable features."
"It has certainly helped us find vulnerabilities in our software, so this is priceless in the end."
"For me, as a manager, it was the ease of use. Inserting security into the development process is not normally an easy project to do. The ability for the developer to actually use it and get results and focuses, that's what counted."
"I like the recording feature."
"We leverage it as a quality check against code."
"The HCL AppScan turnaround time for Burp Suite or any new feature request is pretty good, and that is why we are sticking with the HCL."
"This solution has improved my organization because it has made us feel safer doing frequent deployments for web applications. If we have something really big, we might get some professional company in to help us but if we're releasing small products, we will check it ourselves with Zap. It makes it easier and safer."
"ZAP is easy to use. The automated scan is a powerful feature. You can simulate attacks with various parameters. ZAP integrates well with SonarQube."
"Stability-wise, I rate the solution a nine out of ten. I think it's stable enough. I don't see any crashes within the application, so its stability is high."
"It's great that we can use it with Portswigger Burp."
"It updates repositories and libraries quickly."
"The ZAP scan and code crawler are valuable features."
"The interface is easy to use."
"You can run it against multiple targets."
"Sometimes it doesn't work so well."
"IBM Security AppScan needs to add performance optimization for quickly scanning the target web applications."
"The tool should improve its output. Scanning is not a challenge anymore since there are many such tools available in the market. The product needs to focus on how its output is being used by end users. It should be also more user-friendly. One of the major challenges is in the tool's integration with applications that need to be scanned. Sometimes, the scanning is not proper."
"IBM Security AppScan Source is rather hard to use."
"Visibility is an issue for us. Our partners do not know we have integrations with some of IBM products."
"There is room for improvement in the pricing model."
"We would like to see a check in the specific vulnerabilities in mobile applications or rooted devices, such as jailbreaking devices."
"If HCL AppScan is able to alert the clients over email once the scan is complete, it would be great. Right now, HCL AppScan doesn't let me know if the scanning part is finished or not, because of which I have to come back and check mostly."
"The product reporting could be improved."
"It would be nice to have a solid SQL injection engine built into Zap."
"It would be a great improvement if they could include a marketplace to add extra features to the tool."
"The technical support team must be proactive."
"The documentation is lacking and out-of-date, it really needs more love."
"There are too many false positives."
"Zap could improve by providing better reports for security and recommendations for the vulnerabilities."
"They stopped their support for a short period. They've recently started to come back again. In the early days, support was much better."
HCL AppScan is ranked 12th in Static Application Security Testing (SAST) with 41 reviews while OWASP Zap is ranked 7th in Static Application Security Testing (SAST) with 37 reviews. HCL AppScan is rated 7.8, while OWASP Zap is rated 7.6. The top reviewer of HCL AppScan writes "A stable and scalable product useful for application security scanning". On the other hand, the top reviewer of OWASP Zap writes "Great for automating and testing and has tightened our security". HCL AppScan is most compared with SonarQube, Veracode, Acunetix, PortSwigger Burp Suite Professional and Fortify on Demand, whereas OWASP Zap is most compared with SonarQube, Acunetix, Qualys Web Application Scanning, Veracode and Fortify on Demand.
We monitor all Static Application Security Testing (SAST) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.