What's new in HCL AppScan® Enterprise

Important Notice

For HCL AppScan Enterprise version 10.0.2 and newer, an HCL license is required. HCL AppScan Enterprise versions 10.0.2 and newer do not support IBM licenses. See the product documentation for instructions on installing an HCL license. For more information, contact your HCL representative or HCL Support.

New in HCL AppScan® Enterprise 10.0.2

This section describes new product features and enhancements in this release, as well as deprecations and anticipated changes, where relevant.

Interactive Application Security Testing (IAST) support

Interactive Application Security Testing (IAST) is now available as Technology Preview Code. It provides real-time web application security testing: IAST continuously monitors the running application for security vulnerabilities at every DevOps stage, including development, testing, and even production.

To use IAST, see IAST Documentation.

Angular applications

Improved coverage for scanning Angular applications.

AWS authentication support

If your AWS application requires AWS Signature Version 4 request signing, you can now configure it in the AppScan Dynamic Analysis Client. For more information about AWS authentication, see the 3rd Party Authentication view.
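To make clear what the Dynamic Analysis Client has to compute for every request once AWS Signature Version 4 is configured, here is an added example of the SigV4 signing procedure written for this page in Python with only the standard library. It is not AppScan's code; the access key, secret key, host and request shown in the block are constructed sample values, and the path is assumed to be already normalized and URI-encoded.

```python
import hashlib
import hmac
from typing import Dict, Tuple
from urllib.parse import quote


def _sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def _hmac_sha256(key: bytes, msg: str) -> bytes:
    return hmac.new(key, msg.encode("utf-8"), hashlib.sha256).digest()


def canonical_request(method: str, path: str, query: Dict[str, str],
                      headers: Dict[str, str], payload: bytes) -> Tuple[str, str]:
    """Build the SigV4 canonical request and the SignedHeaders list.

    Every header passed in is treated as a signed header. Header names are
    lowercased and sorted; values have internal whitespace collapsed.
    Query parameters are sorted by name and RFC 3986 encoded.
    """
    canon_headers = ""
    signed = []
    for name in sorted(headers, key=str.lower):
        lname = name.lower()
        value = " ".join(headers[name].split())
        canon_headers += f"{lname}:{value}\n"
        signed.append(lname)
    canon_query = "&".join(
        f"{quote(k, safe='-_.~')}={quote(v, safe='-_.~')}"
        for k, v in sorted(query.items())
    )
    signed_headers = ";".join(signed)
    canon = (
        f"{method}\n{path}\n{canon_query}\n{canon_headers}\n"
        f"{signed_headers}\n{_sha256_hex(payload)}"
    )
    return canon, signed_headers


def signing_key(secret_key: str, date_stamp: str, region: str, service: str) -> bytes:
    """Derive the per-day, per-region, per-service signing key (HMAC chain)."""
    k_date = _hmac_sha256(("AWS4" + secret_key).encode("utf-8"), date_stamp)
    k_region = _hmac_sha256(k_date, region)
    k_service = _hmac_sha256(k_region, service)
    return _hmac_sha256(k_service, "aws4_request")


def sign_request(access_key: str, secret_key: str, method: str, host: str,
                 path: str, query: Dict[str, str], headers: Dict[str, str],
                 payload: bytes, region: str, service: str,
                 amz_date: str) -> Dict[str, str]:
    """Return the request headers with a SigV4 Authorization header added.

    amz_date is the ISO 8601 basic timestamp (YYYYMMDD'T'HHMMSS'Z') that the
    caller generated for this request; its date part becomes the scope date.
    """
    date_stamp = amz_date[:8]
    hdrs = {k.lower(): v for k, v in headers.items()}
    hdrs["host"] = host
    hdrs["x-amz-date"] = amz_date

    canon, signed_headers = canonical_request(method, path, query, hdrs, payload)
    scope = f"{date_stamp}/{region}/{service}/aws4_request"
    string_to_sign = (
        f"AWS4-HMAC-SHA256\n{amz_date}\n{scope}\n"
        f"{_sha256_hex(canon.encode('utf-8'))}"
    )
    key = signing_key(secret_key, date_stamp, region, service)
    signature = hmac.new(key, string_to_sign.encode("utf-8"), hashlib.sha256).hexdigest()

    hdrs["authorization"] = (
        f"AWS4-HMAC-SHA256 Credential={access_key}/{scope}, "
        f"SignedHeaders={signed_headers}, Signature={signature}"
    )
    return hdrs


# Constructed sample request (not a real credential): an IAM ListUsers call.
SAMPLE_ACCESS_KEY = "AKIAEXAMPLEACCESSKEY"
SAMPLE_SECRET_KEY = "EXAMPLE-SECRET-KEY-NOT-REAL"
SAMPLE_QUERY = {"Action": "ListUsers", "Version": "2010-05-08"}
SAMPLE_AMZ_DATE = "20150830T123600Z"


def sample_signed_headers() -> Dict[str, str]:
    return sign_request(SAMPLE_ACCESS_KEY, SAMPLE_SECRET_KEY, "GET",
                        "iam.amazonaws.com", "/", SAMPLE_QUERY, {}, b"",
                        "us-east-1", "iam", SAMPLE_AMZ_DATE)


if __name__ == "__main__":
    for name, value in sample_signed_headers().items():
        print(f"{name}: {value}")
```

The point for a scanner configuration is visible in the code: the signature depends on the secret key, the date, the region, the service and every signed header of each individual request, so a pre-recorded Authorization header cannot be replayed and the client needs the credential to re-sign every request it generates.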

Security Improvements
  • New cryptography issues: the ROBOT attack and missing forward secrecy.
  • GhostCat vulnerability: CVE-2020-1938.
  • New information leakage issues: new issues for the Server, X-Powered-By, X-AspNet-Version and X-AspNetMvc-Version response headers.
  • New tests for blind XPath injection and LDAP injection.
  • New encoded payloads for command injection.
  • Non-standard headers: AppScan now detects and tests non-standard HTTP headers.
  • XSS analyzer: now also tests the Referer header.
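The new information leakage issues flag four response headers that reveal the server and framework stack. To check responses for the same headers ahead of a scan, here is an added example written for this page (not part of AppScan); the two HTTP responses in the block are constructed samples.

```python
from typing import Dict, List

# Response headers the release notes list as information leakage issues.
DISCLOSURE_HEADERS = {"server", "x-powered-by", "x-aspnet-version", "x-aspnetmvc-version"}


def parse_response_headers(raw: str) -> Dict[str, List[str]]:
    """Parse the head of a raw HTTP/1.x response into a lowercase header map.

    Repeated headers are collected into a list. Malformed lines without a
    colon are skipped rather than raising, so a partial capture still parses.
    """
    head = raw.split("\r\n\r\n", 1)[0]
    lines = head.split("\r\n")
    headers: Dict[str, List[str]] = {}
    for line in lines[1:]:  # lines[0] is the status line
        if ":" not in line:
            continue
        name, _, value = line.partition(":")
        headers.setdefault(name.strip().lower(), []).append(value.strip())
    return headers


def find_disclosure_headers(raw: str) -> Dict[str, List[str]]:
    """Return only the headers that disclose server or framework details."""
    headers = parse_response_headers(raw)
    return {name: values for name, values in headers.items() if name in DISCLOSURE_HEADERS}


# Constructed sample: an ASP.NET application whose server advertises its stack.
SAMPLE_LEAKY = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/html; charset=utf-8\r\n"
    "Server: Microsoft-IIS/10.0\r\n"
    "X-Powered-By: ASP.NET\r\n"
    "X-AspNet-Version: 4.0.30319\r\n"
    "X-AspNetMvc-Version: 5.2\r\n"
    "Content-Length: 0\r\n"
    "\r\n"
)

# Constructed sample: the same response after the disclosure headers were removed.
SAMPLE_CLEAN = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/html; charset=utf-8\r\n"
    "Content-Length: 0\r\n"
    "\r\n"
)


if __name__ == "__main__":
    for label, raw in (("leaky", SAMPLE_LEAKY), ("clean", SAMPLE_CLEAN)):
        found = find_disclosure_headers(raw)
        print(f"{label}: {found if found else 'no disclosure headers'}")
```

The scanner reports each of these headers as a finding because version strings let an attacker narrow down which known weaknesses apply to the stack; the fix is to suppress or blank the headers at the web server or framework level, after which the check above returns an empty map, as it does for the second sample.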

Windows Server 2019 support

Added support for Windows Server 2019.

Support for silent installation and configuration of AppScan Enterprise Server

You can now install and configure AppScan Enterprise Server and the Dynamic Agents in silent mode using an initialization file. For more information about silent installation, see the AppScan Enterprise Silent Installation documentation.

Jenkins Plug-in Compatibility

To use the AppScan Jenkins plug-in with AppScan Enterprise 10.0.2, you must use version 1.0.6 or later of the plug-in. For more information about HCL AppScan Jenkins plug-in integration, see Integration with HCL AppScan Enterprise.

Will be removed in a future release

The following will be removed in a future release:

  • Generic Service Client (GSC)
  • X-Force categorization in Advisories and Issue Details
  • HCL AppScan Enterprise server on 32-bit Windows operating systems
  • HCL AppScan Enterprise plug-in for the Internet Explorer browser
  • Manual explorer
  • Malware detection capability