---
title: HCL AppScan Reviews
meta_title: 'HCL AppScan Reviews 2026: Details, Pricing, & Features | G2'
meta_description: Filter 76 reviews by the users' company size, role or industry to
  find out how HCL AppScan works for a business like yours.
aggregate_rating:
  rating_value: 4.1
  review_count: 76
  scale: '5'
date_modified: '2026-07-12'
parent_category:
  name: "DevSecOps\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t"
  url: https://www.g2.com/categories/devsecops
---

# HCL AppScan Reviews
**Vendor:** HCL Technologies  
**Category:** [Dynamic Application Security Testing (DAST) Software](https://www.g2.com/categories/dynamic-application-security-testing-dast)  
**Average Rating:** 4.1/5.0  
**Total Reviews:** 76
## About HCL AppScan
HCL AppScan is a comprehensive suite of market-leading application security testing solutions (SAST, DAST, IAST, SCA, API), available on-premises and on-cloud. These powerful DevSecOps tools pinpoint application vulnerabilities, allowing for quick remediation in every phase of the software development lifecycle. Fast and Accurate Scanning for Secure DevOps Developers and DevOps teams can quickly and accurately scan code, applications, and APIs for security vulnerabilities while applications are being developed. This allows companies to fix issues at the earliest stages of the software development lifecycle, when it is least costly to the business. Focus on the Fix Continuous monitoring with IAST, along with auto issue correlation with DAST and SAST scan results allows DevOps teams to group and prioritize findings for faster, more streamlined remediation. Enterprise Management for Security Teams Centralized, easy-to-use dashboards provide visibility and oversight of all security scanning and remediation, and allow users to set scan parameters and compliance policies.




## HCL AppScan Reviews
  ### 1. HCL App Scan

**Rating:** 3.5/5.0 stars

**Reviewed by:** sanjay s. | Security Analyst, Small-Business (50 or fewer emp.)

**Reviewed Date:** December 13, 2022

**What do you like best about HCL AppScan?**

HCL App Scan has a really good user interface. It clearly shows the number of vulnerabilities and provides detailed, accurate information about each one. This helps me, as a tester, analyze the results much better and understand the issues more easily.

**What do you dislike about HCL AppScan?**

HCL App Scan is good at finding vulnerabilities. However, compared to other enterprise tools, it tends to report more false positives. At times, the number of false-positive issues can be a problem.

**What problems is HCL AppScan solving and how is that benefiting you?**

The best feature is how easily it shows the flow of the code. It captures the vulnerability and then lets me trace it back to the source code, which is very important, especially in the context of code review. It’s also easy to integrate.

  ### 2. I've been using the product for almost 20 years

**Rating:** 3.0/5.0 stars

**Reviewed by:** Andrew P. | Sr. Security Specialist, Enterprise (> 1000 emp.)

**Reviewed Date:** January 23, 2024

**What do you like best about HCL AppScan?**

Ease of use.   I can quickly scan a sight and have the response to the developers in a timely maner.

**What do you dislike about HCL AppScan?**

I can't scan applications behind Azure that use MFA.  The recording login feature only allows me to use their built in browser.  When I choose a third party browser to run a scan it will only start that browser in private mode so I can't use cached credentials.  The reporting does not allow me to export to an excel file to create a check list of what the issues are so I can easily track resolutions with projects and developers.  I've only had to use customer support once and it was not a good experience.   I had to work directly with the technical sales department to have my issue resolved.  I'd recommend using the same approach.  The license manager is a nightmare to work with.  I have to re-build my machine everytime I switch networks to perform a scan.  802.1x completely breaks the license manager so I have to get a by-pass from our networking group.  Not sure why Licensing is so difficult to use.  I've had co-workers who quit using the product because of it.

**What problems is HCL AppScan solving and how is that benefiting you?**

I'm able to provide the developers a report of issues that may be present in their solution.  Usually the report consists of variables that I do not understand but the report seems to make sense to the developers, which is good.

  ### 3. Easy to setup and powerful application security

**Rating:** 4.0/5.0 stars

**Reviewed by:** chandramohan K. | Junior System Administrator, Small-Business (50 or fewer emp.)

**Reviewed Date:** March 10, 2024

**What do you like best about HCL AppScan?**

It is easy to use and have Comprehensive Security Testing, Vulnerability Detection, including web, mobile, and cloud-based applications, needs of modern businesses with the less number of false positivies and the ease of UI makes it the best of its kind.

It is easy to install and setup with Automatic scan also, if stuck at some point then support from the team is quick and excellent

**What do you dislike about HCL AppScan?**

While scanning, if any error occurs then It can recommend the fix for the error that occurred during the scan which can be fixed in future.Like its storing multiple manuals explore, It should have the capability of storing multiple logins.

HCL AppScan's document should mention step by step for beginners which can be helpful

**What problems is HCL AppScan solving and how is that benefiting you?**

It scan the application and fix the loop hole in application security beforehand any disaster happens

  ### 4. A Testing Suite that packs quite a punch!

**Rating:** 5.0/5.0 stars

**Reviewed by:** Pranav U. | Flutter Developer, Mid-Market (51-1000 emp.)

**Reviewed Date:** February 09, 2024

**What do you like best about HCL AppScan?**

The best thing I like about HCL AppScan is the clean and simple UI amalgamated with pretty accurate scan results. Unlike other applications or software, this app is very beginner friendly and the support it offers is outstanding.

**What do you dislike about HCL AppScan?**

Even though the app is accurate, some false positives always creeps in. Comparatively it gives less false positives than others in the market but I believe the false positives can be avoided in future to make testing less menial.

**What problems is HCL AppScan solving and how is that benefiting you?**

It helps in identifying security threats way earlier, during production itself and hence enables us to take mitigation steps or even raise the issue with higher authorities. HCL AppScan has been a life saver in the security domain for code analysis and vulnerability testing.

  ### 5. All in one solution

**Rating:** 5.0/5.0 stars

**Reviewed by:** Verified User in Pharmaceuticals | Enterprise (> 1000 emp.)

**Reviewed Date:** February 12, 2024

**What do you like best about HCL AppScan?**

One of the most important aspects especially about 
HCL AppScan is super easy to integrate directly into the SDLC. Managing it is very user-friendly and very easy for DevOps to also use. It is hosted in a cloud-native environment so it provides high availability, scalability and high restorable capacities for disaster recovery. Apart from that there are almost all the features available that are needed for proper in-depth Application Security Scanning, along with providing visibility into the current security posture and safeguarding the applications from threats, and vulnerabilities. It also keeps track of any compliance violations. Their crawler I must say is one of the top-notch in the market. Since it provides a  comprehensive solution for security testing and management, it is used as a daily tool. It helped significantly to reduce errors and track metrics on a daily cadence.
Another, interesting point to note is their prompt customer service, if any assistance is required. 
Overall it is a great tool! I highly recommend it!

**What do you dislike about HCL AppScan?**

The only downside I can think of is the cost is a bit on the higher end for lower-budget projects.

**What problems is HCL AppScan solving and how is that benefiting you?**

HCL AppScan has significantly reduced the flaw counts, which has made a positive impact on our overall security metrics and security posture. Due to its ease of implantation, I am now able to implement a Shift-left mentality in a more hostile approach. That was one of the major milestones that I have been able to achieve using the tool.

  ### 6. Empowering Application Security with HCL AppScan

**Rating:** 4.5/5.0 stars

**Reviewed by:** Athar S. | Lead SecOps Engineer, Mid-Market (51-1000 emp.)

**Reviewed Date:** November 21, 2023

**What do you like best about HCL AppScan?**

HCL AppScan stands out in delivering comprehensive security solutions. Its extensive suite of features guarantees a meticulous evaluation of applications, assisting in the identification and remediation of potential vulnerabilities with exceptional efficacy.


The most advantageous aspect of HCL AppScan lies in its sophisticated security testing capabilities. The tool's prowess in performing exhaustive scans and its adaptability to diverse security testing methodologies render it an invaluable asset in safeguarding applications against a myriad of potential threats.

HCL AppScan's intuitive interface simplifies navigation and its adaptability to diverse testing methodologies enhances its effectiveness.

**What do you dislike about HCL AppScan?**

While HCL AppScan is a powerful tool, the learning curve for new users can be steep. Beginners might find it challenging to grasp the full range of features and functionalities initially.


AppScan's documentation could be more detailed and beginner-friendly.
AppScan's implementation process can be challenging for some users.

**What problems is HCL AppScan solving and how is that benefiting you?**

HCL AppScan tackles the intricacies of Dynamic Application Security Testing (DAST) with finesse. It adeptly uncovers vulnerabilities in operational applications, erecting a critical barrier against potential threats. This unwavering dedication to DAST guarantees that your applications endure rigorous and dynamic security evaluations, fostering a more resilient security stance.

  ### 7. The easy choice

**Rating:** 4.5/5.0 stars

**Reviewed by:** K U  K. | Cyber Security Analyst, Mid-Market (51-1000 emp.)

**Reviewed Date:** November 25, 2023

**What do you like best about HCL AppScan?**

HCL AppScan is a robust platform which has a great customer support which was the first choice to consider. Leverging the full potential in our DevSecOps team from the very beginning of our SDLC, the app setup was a breeze. Some of the noteworthy features that is unique to AppScan is SAST scan, cloud native, vast integration library and cross application monitoring.
A noteworthy thing to point out is, the implementation took a very short amount of time which made AppScan as the easy choice.

**What do you dislike about HCL AppScan?**

There are no shortcomings in the AppScan according to my usage and workflow.

**What problems is HCL AppScan solving and how is that benefiting you?**

It is helping to scan the vulnerabilities on the cloud as we as on premise systems. Also, we use it in every phase of our SDLC to point out the code level vulnerabilities.

  ### 8. HCL Appscan

**Rating:** 4.5/5.0 stars

**Reviewed by:** Shreyansh Kumar  G. | Mid-Market (51-1000 emp.)

**Reviewed Date:** February 23, 2024

**What do you like best about HCL AppScan?**

HCL Appscan is known for its comprehensive approach to application security testing. One of the best feature is its ability to detect a wide range of vulnerability across various types of application. It has advanced scanning capabilities.

**What do you dislike about HCL AppScan?**

Interface can be more good. As Appscan is a commercial product it may not fit every budget

**What problems is HCL AppScan solving and how is that benefiting you?**

HCL Appscan is solving problems such as security vulnerabilities in web application and APIs. It is benefitting me in various ways such as risk reduction, vulnerability identification,etc.

  ### 9. Technical Lead

**Rating:** 5.0/5.0 stars

**Reviewed by:** Verified User in Information Technology and Services | Enterprise (> 1000 emp.)

**Reviewed Date:** November 21, 2023

**What do you like best about HCL AppScan?**

HCL AppScan has been a game-changer for our security initiatives. Its robust features, including dynamic and static application security testing, have provided a thorough analysis of our applications. The comprehensive reports help us pinpoint vulnerabilities early in the development process, allowing for timely remediation. The interactive application security testing adds an extra layer of depth, ensuring a more resilient software environment. The user-friendly interface and detailed documentation further contribute to the overall positive experience. HCL AppScan undoubtedly stands out as a valuable asset in our quest for secure and reliable applications.

**What do you dislike about HCL AppScan?**

While HCL AppScan offers a robust set of features for application security, there are some areas that could be improved. The learning curve for new users is steeper than desired, and the initial setup process can be a bit cumbersome.

**What problems is HCL AppScan solving and how is that benefiting you?**

HCL AppScan has been instrumental in solving critical security challenges in our software development lifecycle. The Static Application Security Testing (SAST) functionality provides a deep dive into our source code, uncovering vulnerabilities early in the development process. This has significantly reduced the likelihood of releasing code with potential security risks.

On the Dynamic Application Security Testing (DAST) front, AppScan's ability to simulate real-world attacks on running applications has been a game-changer. It detects vulnerabilities that might not be apparent in the source code alone, offering a comprehensive view of our application's security posture in different environments.

The seamless integration of SAST and DAST in a single platform streamlines our security testing efforts. The consolidated reports provide actionable insights, enabling our team to prioritize and address vulnerabilities efficiently. HCL AppScan's contribution to enhancing the overall security of our applications is undeniable, and its role in fortifying our software against potential threats is invaluable.

  ### 10. Advanced scan results with less false positives

**Rating:** 5.0/5.0 stars

**Reviewed by:** Shashank B. | Mid-Market (51-1000 emp.)

**Reviewed Date:** February 15, 2024

**What do you like best about HCL AppScan?**

Appscan tool is amongst top rated automated scan tools that covers advanced attack surfaces and discovers vulnerabilities with minimal false positives.

Best feature is it scans to a wider extent and advanced attacks which helps secure applications

**What do you dislike about HCL AppScan?**

Tools may adopt better cvss and cwe profiling of identified vulnerabilities

**What problems is HCL AppScan solving and how is that benefiting you?**

It quickly scans the application binaries and results are accurate with elaborative attack description


## HCL AppScan Discussions
  - [Who owns AppScan?](https://www.g2.com/discussions/who-owns-appscan) - 1 comment
  - [Is AppScan free?](https://www.g2.com/discussions/is-appscan-free) - 1 comment

- [View HCL AppScan pricing details and edition comparison](https://www.g2.com/products/hcl-appscan/reviews/hcl-appscan-review-7500350?section=pricing&secure%5Bexpires_at%5D=2026-07-14+00%3A32%3A32+-0500&secure%5Bsession_id%5D=45a92b02-ef3d-4854-b3ba-6a26053e38a6&secure%5Btoken%5D=caca7ac32c5179ce6f838e1f8c03cc0a61c2f600d63de02a06bf3279de5ce3b5&format=llm_user)

## HCL AppScan Features
**Administration**
- API / Integrations
- Extensibility

**Administration**
- API / Integrations
- Extensibility

**Functionality - Software Composition Analysis **
- Language Support
- Integration
- Transparency

**Analysis**
- Reporting and Analytics
- Issue Tracking
- Static Code Analysis
- Code Analysis

**Analysis**
- Reporting and Analytics
- Issue Tracking
- Static Code Analysis
- Vulnerability Scan
- Code Analysis

**Effectiveness - Software Composition Analysis**
- Remediation Suggestions
- Continuous Monitoring
- Thorough Detection

**Testing**
- Command-Line Tools
- Manual Testing
- Test Automation
- Compliance Testing
- Black-Box Scanning
- Detection Rate
- False Positives

**Testing**
- Manual Testing
- Test Automation
- Compliance Testing
- Black-Box Scanning
- Detection Rate
- False Positives

**Agentic AI - Interactive Application Security Testing (IAST)**
- Autonomous Task Execution

**Agentic AI - Static Application Security Testing (SAST)**
- Autonomous Task Execution

## Top HCL AppScan Alternatives
  - [Invicti (formerly Netsparker)](https://www.g2.com/products/invicti-formerly-netsparker/reviews) - 4.5/5.0 (68 reviews)
  - [Veracode Application Security Platform](https://www.g2.com/products/veracode-application-security-platform/reviews) - 3.8/5.0 (25 reviews)
  - [Checkmarx](https://www.g2.com/products/checkmarx/reviews) - 4.2/5.0 (43 reviews)

