What's new in HCL AppScan® Enterprise

New in HCL AppScan® Enterprise 10.0.8

This section describes new product features and enhancements in this release, as well as deprecations and anticipated changes, where relevant.
  • AppScan Enterprise has a new logo.
  • Automatic API scanning using a Postman Collection. See How to scan using a Postman Collection.
  • New OWASP API Security Top 10 2019 Industry Standard Report.
  • Granular access control to restrict modification of Severity value and CVSS attributes.
  • The db_owner permission is not mandatory to configure and run AppScan Enterprise. Only a minimum of ddladmin, datawriter and datareader permissions are required.
  • Activity Log on the Administration console is available as a Technology Preview Code.
  • Support for Microsoft Edge browser.

Fixes and security updates

New security rules in this release include:
  • attSpringRemoteCommandExecution - Remote Command Execution on Spring Framework (CVE-2022-22965)
  • probeSpring - Probe Spring RCE (CVE-2022-22965)

Other fixes:

  • Option provided in configuration wizard to opt out of Simple Recovery Mode for SQL Server Database.
  • In some cases, AppScan Enterprise used a lower version of TLS. A fix has been applied so that TLS 1.2 (when enabled on the system) is used for all internal communication.

The complete list of fixes, updates, and RFEs in this release is listed here.

Removed in this release

  • Internet Explorer (IE) browser support for v8.0 and v9.0.

Upcoming changes

The following will be removed in a future release:

  • The Web Services, The Vital Few, and Developer Essentials test policies will be removed, as similar results can now be achieved using other policies. For information, see Predefined Test Policies.
  • Internet Explorer (IE) browser support for v10.0 and v11.0 will be removed.
  • CVSS 2.0 scoring will be dropped and replaced with CVSS 3.1.
  • Ability to edit CVSS ratings on an issue.
  • Import of issues from Mobile Analyzer report.