Home
Getting started
Security is about protecting your valuable assets. Some of the most important assets your organization owns are in the form of information, such as intellectual property, strategic plans, and customer data. Protecting this information is critical for your organization to continue to operate, be competitive, and meet regulatory requirements.
Sample apps and scripts
Use these sample applications to practice scanning with ASoC.

Welcome
Welcome to the documentation for HCL AppScan on Cloud.
Getting started
Security is about protecting your valuable assets. Some of the most important assets your organization owns are in the form of information, such as intellectual property, strategic plans, and customer data. Protecting this information is critical for your organization to continue to operate, be competitive, and meet regulatory requirements.
- Recent updates
  Discover upcoming and recently added features.
- System requirements
  This topic provides links to system requirements and supported operating systems and languages for the ASoC analyzers. Also learn about the supported browsers and minimum resolution for the service.
- Data center selection
- Create an ASoC account
- Subscriptions
  My Subscriptions shows the status of all your organization's subscriptions, including the number applications or scans left, and the start and end dates.
- Workflow
  This section outlines a typical ASoC workflow for an authorized user with a valid subscription.
- Sample apps and scripts
  Use these sample applications to practice scanning with ASoC.
- Demo videos
  These 'how-to' videos demonstrate using ASoC and how it fits into your workflow, and offer tips and tricks.
- Contact and Support
  Some useful links.
- Certifications
  ISO/IEC certificates.
- Service Description
  The service description describes the HCL AppScan on Cloud service.
- Trial Terms of Use
  TRIAL AGREEMENT FOR HCL APPSCAN ON CLOUD SERVICE
Navigation
This section describes the items on the main ASoC menu bar, and links to more detailed information.
Administration
Define users, applications, policies, and configure DevOps integrations.
DAST
AppScan on Cloud performs security scans for web-applications for production, staging and development environments. For development environments it is aided by Private Site Scanning technology to scan applications not accessible to the open Internet.
IAST
Using an agent installed on your application, ASoC identifies security vulnerabilities in your app during runtime, by monitoring all interactions, both legitimate and malicious. The process is "passive", in the sense that IAST does not send its own tests, and can therefore run indefinitely.
Static analysis
Use static analysis (SAST) to scan for security vulnerabilities in web and desktop applications. Static analysis includes Intelligent Finding Analytics (IFA) and Intelligent Code Analytics (ICA).
Results
The Scan History tab of your application displays your scan results (including scan statistics) and rescan options.
Troubleshooting
If you experience problems with this service, you can perform these troubleshooting tasks to determine the corrective action to take.
FAQ & Reference
Frequently asked questions, information about integrating ASoC into the product lifecycle (SDLC), and ASoC API documentation.

Sample applications and scripts

Use these sample applications to practice scanning with ASoC.

To get the feel of what it's like to scan your application with ASoC, we offer sample applications that you can use to run scans.


Scan type	Download link or demo site
Dynamic (DAST) scan	Demo web application that can be used to try out ASoC (use the URL and credentials below): `https://demo.testfire.net?mode=demo Username: jsmith Password: demo1234` Note: Running a scan of the demo site will not be counted towards your license limit as long as you use the full URL shown. If you remove the `?mode=demo` switch, the scan will be counted towards your limit.
Dynamic (DAST) scan as part of functional testing	Demo functional testing script using ASoC REST API
Static Analysis (SAST) web application code	Sample IRX file
Interactive (IAST) scan as part of functional testing	Sample IAST automation scripts
Importing issues from external scanners	Sample CSV file See Importing issues from 3rd party scanners.

Note: When the above scans are complete you can click the Report icon and download a report, but this report is for demonstration purposes and may not fully correspond to the actual app you used.