4 out of 5 (10 Ratings)
Mar 7, 2017
The product is good in a corporate environment but when deploying it in an Educational Institution it becomes tricky. The reason is the educational environment is very decentralized so to offer a service that allows for different skill sets to leverage the AppScan.
Mar 2, 2017
The product it great, but they have very confusing licenses.
Dec 12, 2016
Vendor maintained close contact with us. Provide guidance as needed. Allowed us to participate in beta program.
Dec 7, 2016
Product is easy to install. Appscan Standard is easier to configure as compare to enterprise. Enterprise configuration is not as granular as Standard, but it has improved drastically since release 9. Appscan Source is a good product and it does report false positives. With IGA, the reporting is more actionable. Some of the service integration is buggy, but it is better than other products in the market place. Doesn't work well on some on some of the newer Java Script frameworks.
Dec 6, 2016
The AppScan tool suite (both Dynamic and Static) do provide excellent results and customer support that was attentive and responsive, that ultimately allowed us to deliver on our security assurance requirements to our customers. The nature of the tool and the workflow for products requires extra continuous steps that aren't required in tools such as Klocwork. The We worked closely with level 3 support, senior technical members as well as senior architects to ensure the product meets our needs. The on-premise suite of tools provide very good results. The dynamic + enterprise provide a very good platform for automation and scheduling, and the static analysis has improved significantly over the life. of the product, and now becoming very mature with the new cloud offering. The workflow issues are being addressed as part of the new cloud offerings and especially helpful with the new watson analytics to minimize false positives. We are working with IBM on their cloud solution that addresses a lot of ISV concerns including not requiring source code to be pushed to the cloud, advanced analytics determing the best results, and close IDE integration.
Dec 5, 2016
Very responsive to requests and focused on improving the product for their customers.
Dec 1, 2016
Appscan Source is really brillinant with the main usecase: perform scans and provide findings... The findings correlates to the result of external penetration tests as well. It is less brilliant with usability. It is a highly sophisticated tool that is based on a few different toolset being merged. Clearly the integration of SAST components to Appscan Enterprise server is not complete. Also the tool is not covering all the activities needed when used inside SDLC, and should improve on the usecase of re-scanning an application and spotting the difference.
Jun 13, 2016
POC effort went well. Plenty of latitude and assistance provided by sales group.
Jun 13, 2016
The scan tool is easy to deploy and use, but also has customizability.
Dec 7, 2015
Good product in general. Useful in identifying vulnerabilities in the source code.