Jump to main content
HCL Logo Product Documentation
Customer Support Software Academy Community Forums
HCL AppScan on Cloud Help
  • Welcome
  • Getting started
  • Navigation
  • Administration
  • DAST
  • IAST
  • Static analysis
  • Results
  • Troubleshooting
  • FAQ & Reference
  1. Home
  2. FAQ & Reference

    Frequently asked questions, information about integrating ASoC into the product lifecycle (SDLC), and ASoC API documentation.

  • FAQ & Reference

    Frequently asked questions, information about integrating ASoC into the product lifecycle (SDLC), and ASoC API documentation.

    • FAQ

      Some frequently asked questions.

    • Threat Class and CWE

      Tables showing Threat Classes of issues tested for by ASoC, and their related CWE numbers.

    • Understand DAST Scanning

      An ASoC Dynamic (DAST) scan consists of two stages: Explore and Test. It is useful to understand the principal behind this, even though most of the scan process is seamless to the user, and no input is required until the scan is complete. The Explore stage can be run automatically as part of the automatic scan, or manually by the user, or a combination of both.

    • Understand Private Site Scanning

      ASoC provides Dynamic Application Security Testing (DAST) from a cloud-based scanner as SaaS. This capability requires the cloud-based scanner to be able to access the tested application. Publicly available web-based applications can be scanned without issue. However, Private Site Scanning (PSS) is only possible after adding network components (such as VPNs or proxies) or changing the network to allow the scanner to access the web application’s host server.

    • CSV format

      This section describes how to save response data as in CSV format.

    • Notices

FAQ & Reference

Frequently asked questions, information about integrating ASoC into the product lifecycle (SDLC), and ASoC API documentation.

  • FAQ
  • Threat Classes and related CWE numbers
  • Understanding Private Site Scanning
  • FAQ
    Some frequently asked questions.
  • Threat Classes and related CWE numbers
    Tables showing Threat Classes of issues tested for by ASoC, and their related CWE numbers.
  • Understanding Dynamic (DAST) Scanning
    An ASoC Dynamic (DAST) scan consists of two stages: Explore and Test. It is useful to understand the principal behind this, even though most of the scan process is seamless to the user, and no input is required until the scan is complete. The Explore stage can be run automatically as part of the automatic scan, or manually by the user, or a combination of both.
  • Understanding Private Site Scanning
    ASoC provides Dynamic Application Security Testing (DAST) from a cloud-based scanner as SaaS. This capability requires the cloud-based scanner to be able to access the tested application. Publicly available web-based applications can be scanned without issue. However, Private Site Scanning (PSS) is only possible after adding network components (such as VPNs or proxies) or changing the network to allow the scanner to access the web application’s host server.
  • CSV format
    This section describes how to save response data as in CSV format.
  • Notices
  • Share: Email
  • Twitter
  • Disclaimer
  • Privacy
  • Terms of use
  • Cookie Preferences