TrustRadius

HCL AppScan vs. Rapid7 AppSpider

Overview
ProductRatingMost Used ByProduct SummaryStarting Price
HCL AppScan
Score 5.1 out of 10
N/A
AppScan (formerly Rational AppScan) is an application security testing solution acquired by HCL Technologies from IBM in late 2018. Appscan supports both dynamic (DAST) and static (SAST) application security testing.N/A
Rapid7 AppSpider
Score 9.3 out of 10
N/A
AppSpider, from Boston-based Rapid7, is an application security and testing offering based on technology acquired from NT OBJECTives (their similarly named software NTOSpider, acquired with the company during April, 2015).
$2,000
Per Application
Pricing
HCL AppScanRapid7 AppSpider
Editions & Modules
No answers on this topic
InsightAppSec
$2,000.00
Per Application
Offerings
Pricing Offerings
HCL AppScanRapid7 AppSpider
Free Trial
YesNo
Free/Freemium Version
NoNo
Premium Consulting/Integration Services
NoNo
Entry-level Setup FeeNo setup feeNo setup fee
Additional Details
More Pricing Information
Community Pulse
HCL AppScanRapid7 AppSpider
User Ratings
HCL AppScanRapid7 AppSpider
Likelihood to Recommend
8.3
(0 ratings)
8.0
(0 ratings)
User Testimonials
HCL AppScanRapid7 AppSpider
Likelihood to Recommend
I would say that HCL AppScan is very simple to understand and use since it uses a user-friendly interface and the terminologies that are used in the interface of the application is very clear. We can automate a scan with any third party like Jenkins. The fact, I don't like is the time takes to execute the application, it should be better.
Verified User
Anonymous
Read full review
Rapid7 AppSpider could be your default DAST (Dynamic Application Security Testing), it covers the OWASP top 10 for web and APIs. Great tools, with a very nice and understandable report and analytics, work excellent for one-shot or continuous monitoring of your web assets. Also has a fair amount of integrations with other popular tools.
Randy Varela | TrustRadius Reviewer
Randy Varela
Offensive Security Engineer Lead
Read full review
Pros
  • AppScan works well in finding application vulnerabilities such as SQL injection, cross-site scripting and all of the OWASP top 10.
  • Flexible reporting allows us to generate executive reports for application owners as well as separate technical reports for developers and system engineers.
  • Technical reports include remediation information and cross reference CVSS scores
  • Because it maintains data on all repeated assessments it helps us to do trending and metrics on compliance
SS
Seth Shestack
Executive Director, Deputy CISO
Read full review
  • OWASP Top 10.
  • Crawling web applications.
  • Web application security testing.
Randy Varela | TrustRadius Reviewer
Randy Varela
Offensive Security Engineer Lead
Read full review
Cons
  • The functions you want, the points that are difficult to understand.
  • Issues presented in the vulnerability diagnostic report may not be fully explained and not well understood.
  • You may think it is very basic and natural, "diagnose screen after login" "diagnose according to input transition ⇒ confirmation ⇒ completion" but to do all this, you need regular expressions, and macros, there are many products that require you to write scripts.
Brandon R Hudson | TrustRadius Reviewer
Brandon R Hudson
Software Engineer
Read full review
  • Scan might be slow compared to other tools.
  • Not a lot of training on the vendor side.
Randy Varela | TrustRadius Reviewer
Randy Varela
Offensive Security Engineer Lead
Read full review
Alternatives Considered
When we used Veracode, it takes a-lot of time to run a source code analysis. It's user interface is also bit clumsy. So we switched to HCL AppScan. It enables enterprises to scan internal and external applications for vulnerabilities. It provides quick and easy access to the most updated security guidelines by scanning applications against the OWASP Top 10 vulnerabilities.
Sanjana Gupta | TrustRadius Reviewer
Sanjana Gupta
Internet Marketing Manager
Read full review
Randy Varela | TrustRadius Reviewer
Randy Varela
Offensive Security Engineer Lead
Read full review
Return on Investment
  • Reduced manual effort by 20-30%
  • Integrate 3-4 security solutions with other tools in the system
  • prevent sql injection attacks in our business
Verified User
Anonymous
Read full review
  • Great ROI for consultant projects.
Randy Varela | TrustRadius Reviewer
Randy Varela
Offensive Security Engineer Lead
Read full review
ScreenShots

HCL AppScan Screenshots

Screenshot of Cloud Security: AppScan will scan Docker containers and container images to ensure that third party components have not introduced vulnerabilities to an application. Software composition analysis (SCA) tools help organizations inventory third-party commercial and open source components used within their software to understand which components and versions are being used and to identify security vulnerabilities affecting those components.Screenshot of API Testing: This dangerous attack vector can be secured by identifying vulnerable third-party components, automating and integrating API testing and detecting issues in the IDE.Screenshot of Auto Issue Correlation: AppScan leverages three technologies (DAST, SAST, IAST) to enrich results, validate fixes and reduce the number remediation tasks by grouping issues together.Screenshot of 30+ Code Languages Supported: HCL AppScan offers an extensive list of supported code languages.