Home
Getting started
Security is about protecting your valuable assets. Some of the most important assets your organization owns are in the form of information, such as intellectual property, strategic plans, and customer data. Protecting this information is critical for your organization to continue to operate, be competitive, and meet regulatory requirements.
Workflow
This section outlines a typical ASoC workflow for an authorized user with a valid subscription.

Welcome
Welcome to the documentation for HCL AppScan on Cloud.
Getting started
Security is about protecting your valuable assets. Some of the most important assets your organization owns are in the form of information, such as intellectual property, strategic plans, and customer data. Protecting this information is critical for your organization to continue to operate, be competitive, and meet regulatory requirements.
- Recent updates
  Discover upcoming and recently added features.
- System requirements
  This topic provides links to system requirements and supported operating systems and languages for the ASoC analyzers. Also learn about the supported browsers and minimum resolution for the service.
- Data center selection
- Create an ASoC account
- Subscriptions
  My Subscriptions shows the status of all your organization's subscriptions, including the number applications or scans left, and the start and end dates.
- Workflow
  This section outlines a typical ASoC workflow for an authorized user with a valid subscription.
- Sample apps and scripts
  Use these sample applications to practice scanning with ASoC.
- Demo videos
  These 'how-to' videos demonstrate using ASoC and how it fits into your workflow, and offer tips and tricks.
- Contact and Support
  Some useful links.
- Certifications
  ISO/IEC certificates.
- Service Description
  The service description describes the HCL AppScan on Cloud service.
- Trial Terms of Use
  TRIAL AGREEMENT FOR HCL APPSCAN ON CLOUD SERVICE
Navigation
This section describes the items on the main ASoC menu bar, and links to more detailed information.
Administration
Define users, applications, policies, and configure DevOps integrations.
DAST
AppScan on Cloud performs security scans for web-applications for production, staging and development environments. For development environments it is aided by Private Site Scanning technology to scan applications not accessible to the open Internet.
IAST
Using an agent installed on your application, ASoC identifies security vulnerabilities in your app during runtime, by monitoring all interactions, both legitimate and malicious. The process is "passive", in the sense that IAST does not send its own tests, and can therefore run indefinitely.
Static analysis
Use static analysis (SAST) to scan for security vulnerabilities in web and desktop applications. Static analysis includes Intelligent Finding Analytics (IFA) and Intelligent Code Analytics (ICA).
Results
The Scan History tab of your application displays your scan results (including scan statistics) and rescan options.
Troubleshooting
If you experience problems with this service, you can perform these troubleshooting tasks to determine the corrective action to take.
FAQ & Reference
Frequently asked questions, information about integrating ASoC into the product lifecycle (SDLC), and ASoC API documentation.

Workflow

This section outlines a typical ASoC workflow for an authorized user with a valid subscription.

Table 1. Typical workflow
What	Where	Details
Create application	My Applications > Create App button	Scans are sorted in ASoC in applications, so you first create an application in which to run your scans. One application can contain a combination of several scans, and types of scan (DAST \| SAST \| IAST), of one or more sites/apps. See Working with applications.
Create AppScan Presence	AppScan Presences > Create Presence button	(Optional) If the site you are scanning is not accessible from the internet, you must install an AppScan Presence on your machine, with access to the web app or back-end server, and to the Internet. See Creating the AppScan Presence.
Create Scan	My Applications > App > Create Scan button	Open the wizard to configure a Scan. Options are Dynamic (DAST), Static (SAST), and Interactive (IAST). See Scanning and monitoring.
Review Results