4 out of 5 (10 Ratings)

10 Verified Reviews

Security AppScan Enterprise

AppScan Enterprise and Educational

The product is good in a corporate environment but when deploying it in an Educational Institution it becomes tricky. The reason is the educational environment is very decentralized so to offer a service that allows for different skill sets to leverage the AppScan.

Security AppScan Enterprise, Security AppScan Source, Security AppScan Standard

We would require a more involvement in design aspects of the implementation

The product it great, but they have very confusing licenses.

Security AppScan Enterprise, Security AppScan Source, Security AppScan Standard

Implementation was not too difficult. But needs improved in false-positives reduction.

Vendor maintained close contact with us. Provide guidance as needed. Allowed us to participate in beta program.

Security AppScan Enterprise, Security AppScan Source, Security AppScan Standard

Easy to implement. We wrote custom codeto improve details on report.

Product is easy to install. Appscan Standard is easier to configure as compare to enterprise. Enterprise configuration is not as granular as Standard, but it has improved drastically since release 9. Appscan Source is a good product and it does report false positives. With IGA, the reporting is more actionable. Some of the service integration is buggy, but it is better than other products in the market place. Doesn't work well on some on some of the newer Java Script frameworks.

Security AppScan Enterprise, Security AppScan Source, Security AppScan Standard

Result quality is excellent but needs overall workflow improvement

The AppScan tool suite (both Dynamic and Static) do provide excellent results and customer support that was attentive and responsive, that ultimately allowed us to deliver on our security assurance requirements to our customers. The nature of the tool and the workflow for products requires extra continuous steps that aren't required in tools such as Klocwork. The We worked closely with level 3 support, senior technical members as well as senior architects to ensure the product meets our needs. The on-premise suite of tools provide very good results. The dynamic + enterprise provide a very good platform for automation and scheduling, and the static analysis has improved significantly over the life. of the product, and now becoming very mature with the new cloud offering. The workflow issues are being addressed as part of the new cloud offerings and especially helpful with the new watson analytics to minimize false positives. We are working with IBM on their cloud solution that addresses a lot of ISV concerns including not requiring source code to be pushed to the cloud, advanced analytics determing the best results, and close IDE integration.

Security AppScan Enterprise, Security AppScan Source

Analysis is great, but needs to cover more technologies and improve stability.

Very responsive to requests and focused on improving the product for their customers.

Security AppScan Enterprise, Security AppScan Source, Other...

Should improve integration of internal components and cover the gaps on E2E usage in SDLC

Appscan Source is really brillinant with the main usecase: perform scans and provide findings... The findings correlates to the result of external penetration tests as well. It is less brilliant with usability. It is a highly sophisticated tool that is based on a few different toolset being merged. Clearly the integration of SAST components to Appscan Enterprise server is not complete. Also the tool is not covering all the activities needed when used inside SDLC, and should improve on the usecase of re-scanning an application and spotting the difference.

Security AppScan Enterprise, Security AppScan Mobile Analyzer, Security AppScan Source

AppScan done, we did it!

POC effort went well. Plenty of latitude and assistance provided by sales group.

Security AppScan Standard

Easy to use but also customizable.

The scan tool is easy to deploy and use, but also has customizability.

Security AppScan as a Service

Good product. Has the possibility to decrease the false positive outcomes.

Good product in general. Useful in identifying vulnerabilities in the source code.