Jump to main content
HCL Logo Help Center
HCL TECHNOLOGIES ABOUT US PRODUCTS & SOLUTIONS RESOURCES CONTACT US ☰
French / Français Japanese / 日本語 English Chinese (China) / 简体中文 Chinese (Taiwan) / 繁體中文
HCL AppScan on Cloud Help
  • Welcome
  • Getting started
  • Users
  • Applications
  • AppScan Presence
  • Scanning and monitoring
  • Policies
  • Results
  • DevOps
  • Troubleshooting
  • FAQ & Reference
  1. Home
  2. Scanning and monitoring

    Learn how to run scans and IAST monitoring sessions on your apps, and import issues from 3rd party scanners.

  • Scanning and monitoring

    Learn how to run scans and IAST monitoring sessions on your apps, and import issues from 3rd party scanners.

    • Sample apps and scripts

      Use these sample applications to practice scanning with ASoC.

    • Mobile scanning

      ASoC can perform interactive and static analysis of iOS and Android applications.

    • Dynamic (DAST) scanning

      ASoC can perform dynamic analysis of an application that runs in a browser.

    • Static (SAST) scanning

      Use static analysis to scan source code for security vulnerabilities. To accomplish this, either use AppScan Go! or download a small client utility and use its command line interface (CLI) perform security analysis on all supported languages. The client utility also contains a Maven plugin that can be used to scan Java projects. Static analysis plug-ins for Eclipse, IntelliJ IDEA, and Visual Studio are available through their respective marketplaces. Once plugins are installed, you can scan Java projects in Eclipse and IntelliJ IDEA, or .NET (C#, ASP.NET, VB.NET) projects in Visual Studio.

    • Interactive (IAST) monitoring

      ASoC can monitor normal application runtime behavior, to detect vulnerabilities.

    • Personal scans

      A Personal scan is a way of evaluating the relative security of an application in development without affecting overall application scan data, or compliance.

    • Private sites

      an AppScan Presence on your server enables you to scan sites not accessible from the Internet.

    • Importing issues from 3rd party scanners

      Whether you use third-party scanners or conduct manual pen tests to discover issues, you can import the issues from a CSV file into ASoC for triaging.

Scanning and monitoring

Learn how to run scans and IAST monitoring sessions on your apps, and import issues from 3rd party scanners.

  • Sample applications and scripts
  • Mobile scanning
  • Dynamic (DAST) scanning
  • Static (SAST) scanning
  • Interactive (IAST) monitoring
  • Personal scans
  • Private sites
  • Importing issues from 3rd party scanners
  • Sample applications and scripts
    Use these sample applications to practice scanning with ASoC.
  • Mobile scanning
    ASoC can perform interactive and static analysis of iOS and Android applications.
  • Dynamic (DAST) scanning
    ASoC can perform dynamic analysis of an application that runs in a browser.
  • Static (SAST) scanning
    Use static analysis to scan source code for security vulnerabilities. To accomplish this, either use AppScan Go! or download a small client utility and use its command line interface (CLI) perform security analysis on all supported languages. The client utility also contains a Maven plugin that can be used to scan Java projects. Static analysis plug-ins for Eclipse, IntelliJ IDEA, and Visual Studio are available through their respective marketplaces. Once plugins are installed, you can scan Java projects in Eclipse and IntelliJ IDEA, or .NET (C#, ASP.NET, VB.NET) projects in Visual Studio.
  • Interactive (IAST) monitoring
    ASoC can monitor normal application runtime behavior, to detect vulnerabilities.
  • Personal scans
    A Personal scan is a way of evaluating the relative security of an application in development without affecting overall application scan data, or compliance.
  • Private sites
    an AppScan Presence on your server enables you to scan sites not accessible from the Internet.
  • Importing issues from 3rd party scanners
    Whether you use third-party scanners or conduct manual pen tests to discover issues, you can import the issues from a CSV file into ASoC for triaging.
About HCL Software / Acquisition FAQ / Government - US Federal / Welcome / Contact Us