Recent updates

Discover upcoming and recently added features.

Updates: To receive notifications of AppScan on Cloud updates: Subscribe to AppScan News.
Translations: If you are reading this page in translation, be aware that it may not include the latest additions. To see the latest version of this page, switch to the English version, using the "Change Language" option at the top right of the menu bar.

New on August 5, 2020

  • Support for AngularJS 8 and 9
  • Support for Ionic Framework
  • New language support for TypeScript
  • General bug fixes and improvements

New on August 4, 2020

  • Mobile: Android 10 is now supported
  • DAST: Scan logs can now be downloaded from the UI
  • SAST: Updated the uniqueness (hash) calculation for SAST findings to reduce duplicates; existing findings will be transitioned automatically to the new hash version
  • API:
    • Implemented an API function that returns the number of issues per Status
    • Domains API added
    • Swagger functions now include the possible error response codes
  • Reports: Parameters, comments, Java Scripts, Cookies and Filtered URLs were added to the Application Data section in the DAST scan report

New on July 19, 2020

  • Exported Users CSV file now includes Inviter name column.
  • Fix Group ID is now included in CSV Reports (it was already included in other formats).
  • API: New “InformationalIssues” field added to the application, showing the number of Active Informational issues it contains.
    Note: Since all Applications include this new field, the ‘Last Updated’ field in the UI has changed to the time of this change.

New on July 12, 2020

  • User interface:
    • Scans “Under Review” can now be deleted
    • Swagger can now be opened automatically from the UI Settings page if the user is logged in
  • API: DAST Scan Log download is now available
  • Documentation: The online Help menubar now includes a "Change Language" drop-down list that lets you switch easily between languages on any page.

New on June 28, 2020

  • IAST:
    • IAST technology is now referred to as “IAST Monitoring Session” or "IAST Session" rather than “IAST Scan”
    • Simplified the wizard for starting an IAST Session
    • Agent download now always includes the agent key
  • Reports: DISA report updated to R4V10
  • API:
    • Improved error notification
    • Last few characters of FlexNet LicenseKey are now exposed on GetTenantInfo

New on June 24, 2020

New on June 22, 2020

  • iOS: StackTrace of insecure connection is added to the Scan Report.

New on June 10, 2020

  • IAST: Additional security rules (server and x-powered-by header detection, password leakage), bug fixes and performance enhancements.

New on June 7, 2020

  • Reports: Users can now create CSV format application reports and filtered issues reports.

New on May 25, 2020

  • Execution date and time added to scan details, so that duration represents Scan Execution time, excluding any queue or pending time.
  • Quick filter on the Fix Groups tab changed to ‘Non-Compliant’ (instead of ‘Active Status’).
  • Link to IAST documentation added to Create IAST Scan dialog.
  • New API added for getting count of issues by severity.
  • Webhooks added to the API, to receive notifications about events that occur in AppScan On Cloud. Two event types are supported: completion of scan execution and change in application counters or status. For more details see Webhooks.
  • Improved filtering of duplicate issues for SAST scans: The Hash algorithm used to uniquely identify SAST Issues has been improved to reduce duplicate Issues. New Issues will be stored with the new internal hash. However the hash value of existing Issues will not be changed.
  • Reports: Fix Groups ID added to the Fix Group sections on the report.
Advance Notice: See Personal Scans: Important Change

New on May 21, 2020

New on May 10, 2020

  • Rename scans: You can now rename scans in the UI. Previously found Issues remain listed under the old scan name, but new and repeat issues will be listed with the new name.
  • Reports:
    • Changed SAST Custom Advisory structure.
    • Unified cover page for all reports.
    • DAST XML report: The order of the "URL Group" and "Entity Group" sections in DAST XML reports has been changed. Other versions of the report are not affected.
  • Dashboard: Improved performance.
  • Scan History: Improved loading, especially when there are many scans in the list.
  • General bug fixes.
Advance Notice: See Personal Scans: Important Change

New on April 22, 2020

  • Scan Reports:
    • SAST Fix Group name and content now match those shown in the UI and Application Reports.
    • SAST Scan Reports now include Custom Advisories, as in Application Reports.
    • Cover page updated and TOC added, to match Application Reports.
    • Discussion and History check boxes added to the Metadata options.
  • User Interface: Search capability added in "Users & Roles" and "Asset Groups".
  • Improved performance and bug fixes.

New on April 15, 2020

  • General bug fixes and improvements.

New on April 7, 2020

  • Documentation: The localized versions of the documentation (French, Japanese, Simplified Chinese, and Traditional Chinese) have been updated.

New on April 6, 2020

  • User interface improvements:
    • You can now sort the Issues and AppScan Presences columns in the All Issues tab by clicking the column header.
    • Added an auto-complete to the URL field when creating a Dynamic Scan.
  • General improvements and bug fixes

New on April 3, 2020

New on March 27, 2020

  • New language support for Kotlin and Swift.
  • .NET analysis improvements to reduce false positives.
  • Improved PHP support.
  • General bug fixes and improvements.

New on March 25, 2020

  • IAST Scans: Our latest scan technology uses an agent deployed on the web server of the tested application to monitor traffic sent during runtime, and report vulnerabilities it finds. Unlike other ASoC scans, an IAST scan doesn't generate its own traffic, but monitors your system tests, or traffic sent during a DAST Scan. So you can have ongoing identification of runtime issues without the need to send dedicated test requests. See Interactive (IAST) monitoring.
  • Test Optimization for DAST Scans: The DAST scan setup wizard has a new Test Optimization slider that lets you control the extent of tradeoff between issue coverage and scan speed. Test Optimization selectively sends tests most likely to discover significant issues in your application, so during product development you can take advantage of faster scans with a relatively small loss of thoroughness. You can choose between four optimization levels, for various needs such as initial testing, DevSecOps, pre-release, compliance and more. The fastest option includes a Test stage up to 10 times faster than a non-optimized scan, with approximately 70% of the vulnerability coverage. See Test Optimization.
  • Test Policy for DAST Scans: The AppScan Standard Default Test Policy is now applied to all DAST scans configured using the wizard. You can apply a different Test Policy by configuring the scan in AppScan Standard, or through the API.
  • General improvements and bug fixes.

New on March 17, 2020

  • Improved support for SSL (HTTPS) using self-signed root certificates
  • General improvements and bug fixes

New on March 10, 2020

  • General bug fixes and improvements.

New on March 5, 2020

New on February 26, 2020

  • Enhanced details and guidance for SAST issues.
  • New DAST engine with stability bug fixes.
  • General improvements and bug fixes.

New on February 18, 2020

  • General improvements and bug fixes.

New on February 10, 2020

  • New language support for ASP Classic.
  • Improvements to NodeJS scanning:
    • 37 new articles
    • Refined 29 rules
    • These improvements ultimately should reduce the overall number of findings.
    • However, updates could cause some existing findings to appear as new findings.

New on February 5, 2020

  • General improvements and bug fixes

New on February 2, 2020

  • Dynamic Analysis engine updated to AppScan Standard version 9.0.3.14 iFix001. See Fix List here.

New on January 21, 2020

  • DAST Proxy now supports DAST.CONFIG file encryption
  • ASoC now supports scanning encrypted DAST.CONFIG files
  • Changes to Proxy Server CLI commands and REST API commands

New on January 19, 2020

  • In the Application > All Issues tab:
    • The default listing now shows only non-compliant issues (New, Open, In-Progress, Reopened)
    • New filter display
    • SAST scans: A Fix Group link is added to each Issue in the All Issues list, to open the Fix Group tab for that Issue
  • Security Reports:
    • You can now generate a report even when there are no issues, or all issues are compliant
    • SAST scans: “Issues by Fix Group” section added to the Application Security Report
  • General improvements and bug fixes

New on January 12, 2020

  • Mobile Analysis now supports iOS versions up to 13.3.

New on January 1, 2020

Previous updates