We performed a comparison between Fortify WebInspect and HCL AppScan based on real PeerSpot user reviews.
Find out in this report how the two Dynamic Application Security Testing (DAST) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."The solution is able to detect a wide range of vulnerabilities. It's better at it than other products."
"I've found the centralized dashboard the most valuable. For the management, it helps a lot to have abilities at the central level."
"Reporting, centralized dashboard, and bird's eye view of all vulnerabilities are the most valuable features."
"It's a well-known platform for doing dynamic application scanning."
"The most valuable feature of this solution is the ability to make our customers more secure."
"The accuracy of its scans is great."
"The most valuable feature is the static analysis."
"Technical support has been good."
"It highlights, with several grades of severity, the types of vulnerabilities, so we can focus on the most severe security vulnerabilities in the code."
"The HCL AppScan turnaround time for Burp Suite or any new feature request is pretty good, and that is why we are sticking with the HCL."
"It's generally a very user-friendly tool. Anyone can easily learn how to scan"
"We leverage it as a quality check against code."
"The UI was very intuitive."
"The most valuable feature of the solution is the scanning or security part."
"The most valuable feature of the solution is Postman."
"The solution offers services in a few specific development languages."
"Our biggest complaint about this product is that it freezes up, and literally doesn't work for us."
"I'm not sure licensing, but on the pricing, it's a bit costly. It's a bit overpriced. Though it is an enterprise tool, there are other tools also with similar functionalities."
"The scanner could be better."
"Lately, we've seen more false negatives."
"It requires improvement in terms of scanning. The application scan heavily utilizes the resources of an on-premise server. 32 GB RAM is very high for an enterprise web application."
"Creating reports is very slow and it is something that should be improved."
"One thing I would like to see them introduce is a cloud-based platform."
"Not sufficiently compatible with some of our systems."
"I would like to see the roadmap for this product. We are still waiting to see it as we have only so many resources."
"The solution's scalability can be a matter of concern because one license runs on one machine only."
"IBM Security AppScan Source is rather hard to use."
"They have to improve support."
"I think being able to search across more containers, especially some of the docker elements. We need a little tighter integration there. That's the only thing I can see at this point."
"The penetration testing feature should be included."
"There is not a central management for static and dynamic."
"Many silly false positives are produced."
Fortify WebInspect is ranked 2nd in Dynamic Application Security Testing (DAST) with 17 reviews while HCL AppScan is ranked 1st in Dynamic Application Security Testing (DAST) with 41 reviews. Fortify WebInspect is rated 7.0, while HCL AppScan is rated 7.8. The top reviewer of Fortify WebInspect writes "A powerful tool catering to multiple use cases that provides reasonably good technical support". On the other hand, the top reviewer of HCL AppScan writes " A stable and scalable product useful for application security scanning". Fortify WebInspect is most compared with PortSwigger Burp Suite Professional, Fortify on Demand, Acunetix, OWASP Zap and Qualys Web Application Scanning, whereas HCL AppScan is most compared with SonarQube, Veracode, Acunetix, PortSwigger Burp Suite Professional and Qualys Web Application Scanning. See our Fortify WebInspect vs. HCL AppScan report.
See our list of best Dynamic Application Security Testing (DAST) vendors.
We monitor all Dynamic Application Security Testing (DAST) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.