HCL AppScan Pros and Cons

IBM appscan is best for the webapplication here we can do both dynamic and static analyse Review collected by and hosted on G2.com.

Sometime IBM app scan generate falsepositive results Review collected by and hosted on G2.com.

IBM® Security AppScan Standard automates application security testing by scanning applications, identifying vulnerabilities, and generating reports with intelligent fix recommendations to ease remediation. It provides static and dynamic application security testing throughout development Review collected by and hosted on G2.com.

it doesn't have support for Oracle fusion middleware stack scaning which is a limitation and doesnt provide any support for SCA based application Review collected by and hosted on G2.com.

It helps to identify latest vulnerabilities Review collected by and hosted on G2.com.

We can't relay solely on scanner results ,have to depend on manual testing as well Review collected by and hosted on G2.com.

Integrates with other IBM software, pulls into siem and watson well Review collected by and hosted on G2.com.

not as thorough or updated as others scanners, does not go as deep on network level Review collected by and hosted on G2.com.

Powerful scanning engine. A robust set of options. Excellent documentation. Review collected by and hosted on G2.com.

True enterprise management, requires the purchase of additional AppScan products. Review collected by and hosted on G2.com.

Real time agent status monitorning, agent logging and It is very cost effective compared to its performance and the features it offers. I like the way it assesses the applications. Review collected by and hosted on G2.com.

The tool IBM Security AppScan Standard is oblivious of the inner workings of the application being tested. It is unaware of the programming languate, OS, database, etc. Review collected by and hosted on G2.com.

Generate accurate results based on the inputs. Uses the solid base of IAST and DAST technologies that are most reliable for detecting the security and other issue of application. Advance configuration options for testing broad range of case. Review collected by and hosted on G2.com.

Deviation from the real output when number of test cases increase. No option to test the complexity of the code while issue being identified in on the real environment. Review collected by and hosted on G2.com.

IBM is one of a few vendors that offer all DAST, SAST & IAST scanning technology. IDM AppScan Standard contains both DAST and IAST via glassbox. IBM can generate the accurate result with high computational time. The reporting format is centralized on risks that is easier for developers to understand. Review collected by and hosted on G2.com.

IBM AppScan standard doesn't offer SCA which is limited only for AppScan Enterprise. Review collected by and hosted on G2.com.

Advance configurations for running the authenticity test of an application. Scope of verification is wide, you can not think all security issues it offers to identify. Integration process is easy. Review collected by and hosted on G2.com.

Sometime gives few results when number of test performed is increased. Review collected by and hosted on G2.com.

Alert of possible threat/vulnerability, Range of testing is quiet impressive, Quick remediation results and authentication test with advanced configuration. Review collected by and hosted on G2.com.

Retesting fails when number of issues increased. It also reports non-threats sometime. Review collected by and hosted on G2.com.