We performed a comparison between HCL AppScan and OWASP Zap based on real PeerSpot user reviews.
Find out in this report how the two Static Application Security Testing (SAST) solutions compare in terms of features, pricing, service and support, ease of deployment, and ROI.
"The UI was very intuitive."
"Compared to other tools only AppScan supports special language."
"It is easy to use. It is quick to find things, because of the code scanning tools. It's quite simple to use and it is very good the way it reports the findings."
"The product has valuable features for static and dynamic testing."
"It has certainly helped us find vulnerabilities in our software, so this is priceless in the end."
"This is a stable solution."
"It is a stable solution...It is a scalable solution...The initial setup or installation of HCL AppScan is easy."
"It was easy to set up."
"The product discovers more vulnerabilities compared to other tools."
"Simple and easy to learn and master."
"The solution has tightened our security."
"ZAP is easy to use. The automated scan is a powerful feature. You can simulate attacks with various parameters. ZAP integrates well with SonarQube."
"The stability of the solution is very good."
"The reporting is quite intuitive, which gives you a clear indication of what kind of vulnerability you have that you can drill down on to gather more information."
"This solution has improved my organization because it has made us feel safer doing frequent deployments for web applications. If we have something really big, we might get some professional company in to help us but if we're releasing small products, we will check it ourselves with Zap. It makes it easier and safer."
"Two features are valuable. The first one is that the scan gets completed really quickly, and the second one is that even though it searches in a limited scope, what it does in that limited scope is very good. When you use Zap for testing, you're only using it for specific aspects or you're only looking for certain things. It works very well in that limited scope."
"We have experienced challenges when trying to integrate this solution with other products. When you compare it with the other SecOps products, the quality of the output is too low. It is not a new-age product. It is very outdated."
"If HCL AppScan is able to alert the clients over email once the scan is complete, it would be great. Right now, HCL AppScan doesn't let me know if the scanning part is finished or not, because of which I have to come back and check mostly."
"The dashboard, for AppScan or the Fortified fast tool, which we use needs to be improved."
"One thing which I think can be improved is the CI/CD Integration."
"They should have a better UI for dashboards."
"The solution's scalability can be a matter of concern because one license runs on one machine only."
"It has crashed at times."
"The solution could improve by having a mobile version."
"It would be ideal if I could try some pre-built deployment scenarios so that I don't have to worry about whether the configuration sector team is doing it right or wrong. That would be very helpful."
"The product reporting could be improved."
"Too many false positives; test reports could be improved."
"I would like to see a version of “repeater” within OWASP ZAP, a tool capable of sending from one to 1000 of the same requests, but with preselected modified fields, changing from a predetermined word list, or manually created."
"The port scanner is a little too slow."
"There isn't too much information about it online."
"It doesn't run on absolutely every operating system."
"There's very little documentation that comes with OWASP Zap."
HCL AppScan is ranked 11th in Static Application Security Testing (SAST) with 41 reviews while OWASP Zap is ranked 8th in Static Application Security Testing (SAST) with 37 reviews. HCL AppScan is rated 7.8, while OWASP Zap is rated 7.6. The top reviewer of HCL AppScan writes "A stable and scalable product useful for application security scanning". On the other hand, the top reviewer of OWASP Zap writes "Great for automating and testing and has tightened our security". HCL AppScan is most compared with SonarQube, Veracode, Acunetix, PortSwigger Burp Suite Professional and Fortify on Demand, whereas OWASP Zap is most compared with SonarQube, Acunetix, Qualys Web Application Scanning, Veracode and Fortify on Demand. See our HCL AppScan vs. OWASP Zap report.
We monitor all Static Application Security Testing (SAST) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.