We performed a comparison between HCL AppScan and Rapid7 AppSpider based on real PeerSpot user reviews.
Find out in this report how the two Static Application Security Testing (SAST) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."You can easily find particular features and functions through the UI."
"It is a stable solution...It is a scalable solution...The initial setup or installation of HCL AppScan is easy."
"Compared to other tools only AppScan supports special language."
"AppScan is stable."
"For me, as a manager, it was the ease of use. Inserting security into the development process is not normally an easy project to do. The ability for the developer to actually use it and get results and focuses, that's what counted."
"It has certainly helped us find vulnerabilities in our software, so this is priceless in the end."
"The solution is easy to use."
"This is a stable solution."
"Rapid7 AppSpider is good at managing different applications. It uses applets and generates reports to cover the PCA/GDPR compliance requirements."
"The initial deployment is very straightforward and simple. The product is stable if configured properly."
"It scans all the components developed within a web application."
"The most valuable feature is the reporting, which is compliant with international standards."
"What I like most about AppSpider is that it's easy to use and its automated scan gives me all the details I need to know when it comes to vulnerabilities and their solutions."
"I like the ability the product has to detect vulnerabilities quickly, when it has been released in our environment, then displaying them to us."
"The setup is usually straightforward."
"It is really accurate and the rate of false positives is very low."
"There is room for improvement in the pricing model."
"IBM Security AppScan Source is rather hard to use."
"Improvement can be done as per customer requirements."
"They should have a better UI for dashboards."
"The tool should improve its output. Scanning is not a challenge anymore since there are many such tools available in the market. The product needs to focus on how its output is being used by end users. It should be also more user-friendly. One of the major challenges is in the tool's integration with applications that need to be scanned. Sometimes, the scanning is not proper."
"The penetration testing feature should be included."
"There is not a central management for static and dynamic."
"A desktop version should be added."
"There are some glitches with stability, and it is an area for improvement."
"The solution is too slow. It could take a full day to scan. Competitors are much faster."
"Support response times are slow and can be improved."
"Integration could be better."
"One of the challenges I have with AppSpider is that it gives you a lot of false positives, especially when compared to other solutions."
"AppSpider could improve in the area of integration. They need to add more integration opportunities."
"It needs better integration with mobile applications."
"The product needs to be able to scale for large companies, like ours. We have millions of IP addresses that need to be scanned, and the scalability is not great."
HCL AppScan is ranked 12th in Static Application Security Testing (SAST) with 41 reviews while Rapid7 AppSpider is ranked 25th in Static Application Security Testing (SAST) with 13 reviews. HCL AppScan is rated 7.8, while Rapid7 AppSpider is rated 7.8. The top reviewer of HCL AppScan writes " A stable and scalable product useful for application security scanning". On the other hand, the top reviewer of Rapid7 AppSpider writes "Useful vulnerability reporting data, flexible, and simple implementation". HCL AppScan is most compared with SonarQube, Veracode, Acunetix, PortSwigger Burp Suite Professional and OWASP Zap, whereas Rapid7 AppSpider is most compared with Rapid7 InsightAppSec, OWASP Zap, Acunetix, Invicti and SonarQube. See our HCL AppScan vs. Rapid7 AppSpider report.
See our list of best Static Application Security Testing (SAST) vendors.
We monitor all Static Application Security Testing (SAST) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.