Hardware and software requirements

The following tables provide a summary of the hardware and software required to run the software.

Average size deployment requirements

Attention: Hardware and software requirements that apply to an AppScan® Source deployment that only uses the User Administration component of AppScan® Enterprise Server are highlighted like this: Applicable for an AppScan® Source deployment.

This configuration supports an average size deployment: 3-4 Dynamic Analysis Scanners (4 concurrent scan jobs per scanner). Larger deployments or loads might require more resources.

Note: If you install on a virtual machine (VM), make sure that you use these settings during the VM configuration:
  • Number of virtual sockets: 4
  • Number of cores per socket: 1
Note: It is recommended to use higher core configuration for Dynamic Analysis Scanners with recommended 6 Cores for 4 concurrent scans limit (minimum is 4 Cores). Maintaining Scanner with higher core configuration prevents overloading on CPU and does not adversely impact Scan durations, specifically for large Applications.
Note: Any Operating System that is EOL is not supported.
Machine that hosts the SQL Server Database Machine that hosts the AppScan® Enterprise Server

Also applicable for an AppScan® Source deployment

Machine that hosts the Dynamic Analysis Scanner
Operating System
Note: See the Database section for details on supported SQL Server versions.
  • Windows Server 2016 (Standard and Data-centre) x86-32, 64 bit tolerate
  • Windows Server 2019 (Standard and Datacenter) x86-32, 64 bit tolerate
  • Windows Server 2022 (Standard and Datacenter) x86-32, 64 bit tolerate
Note: The following environmental components are automatically installed during installation:
  • .NET 4.7.2 framework
  • IIS 10 and its dependencies
  • HCL® License Server
  • Windows Server 2016 (Standard and Data-centre) x86-32, 64 bit tolerate
  • Windows Server 2019 (Standard and Datacenter) x86-32, 64 bit tolerate
  • Windows Server 2022 (Standard and Datacenter) x86-32, 64 bit tolerate
Processor Quad-core CPU Quad-core CPU Quad-core CPU
RAM
  • 16 GB for < 4000 scan jobs.
  • 32 GB for > 4000 scan jobs.
16 GB 16 GB
Note: If running more than 4 scans in parallel, increase to 24+ GB.
Hard disk specific Fast input/output refers to the fast network and disk access, for example, use of Gigabit networking and use of a fast hard-drive such as SCSI or SSD for running the database. The requirement for "Fast input/output" depends on usage. Both the Dynamic Analysis Scanner server and the AppScan Enterprise Console server directly depend on a good connection to the SQL Server Database server and a good performing SQL Server database server. The faster the SQL Server Database server can handle requests, the more the system will be able to handle simultaneous scans and the faster the whole system will be in terms of UI responsiveness, report generation, etc. The disk speed on your local scanners should be fast as well. Fast input/output refers to the fast network and disk access, for example, use of Gigabit networking and use of a fast hard-drive such as SCSI or SSD for running the database. The requirement for "Fast input/output" depends on usage. Both the Dynamic Analysis Scanner server and the AppScan Enterprise Console server directly depend on a good connection to the SQL Server Database server and a good performing SQL Server database server. The faster the SQL Server Database server can handle requests, the more the system will be able to handle simultaneous scans and the faster the whole system will be in terms of UI responsiveness, report generation, etc. The disk speed on your local scanners should be fast as well.
Hard disk drive size
  • 500 GB for < 4000 scan jobs.
  • 1 TB for > 4000 scan jobs
200 GB 500 GB
Operating system installation drive (Generally, C drive) minimum 10 GB free disk space
Note: It is recommended to constantly monitor the system installation drive's disk space availability. You must always ensure to free up the disk space whenever space drops below 10 GB. If you are running AppScan Enterprise server on a drive other than operating system (OS) installation drive, then a minimum of 10 GB free disk space must be available on OS installation drive, that is, in addition to 10 GB free disk space where you are running the AppScan Enterprise server (For example: D, E drive and so on).
Required user accounts Service account

Software requirements

Operating System

Also applicable for an AppScan® Source deployment

  • Windows Server 2016 (Standard and Datacenter) x86-32, 64 bit tolerate
  • Windows Server 2019 (Standard and Datacenter) x86-32, 64 bit tolerate
  • Windows Server 2022 (Standard and Datacenter) x86-32, 64 bit tolerate
  • The Windows 10 Enterprise, Professional, and Ultimate operating systems are only for the client-side components of AppScan® Enterprise:
    • Browser
    • Activity Recorder
    • AppScan Dynamic Analysis Client
Note:
  1. AppScan® Enterprise is a 32-bit product. It will run on a 64-bit machine, but in 32 bit mode.
  2. The installer for the Dynamic Analysis Scanner and AppScan® Enterprise Server checks for the .NET 4.7.2 framework, and installs it if it does not exist.
  3. For best results, install all critical Microsoft software updates.
  4. If the website being scanned uses technologies such as Flash, Windows Media, and additional character sets, these technologies must also be installed on the agent server machines.
Web Server
IIS must be enabled on the Windows Server so that AppScan® Enterprise Server properly installs (not required for servers running Scanning Agents only). You must enable the following roles and features for IIS:
  • Common HTTP features (all components except HTTP Redirection)
  • Application development (ASP.NET, ISAPI Extensions, ISAPI Filters)
  • Health and diagnostics (HTTP Logging, Request Monitor)
  • Security (Basic and Windows Authentication)
  • Performance (Static Content Compression)
  • Management tools (IIS Management console)
  • IIS 6 Management Compatibility (All)
    The following table lists the IIS versions compatible with the corresponding Windows Server versions.
    IIS Windows Server
    IIS10
    • Windows Server 2022
    • Windows Server 2019
    • Windows Server 2016
Database
  • Microsoft SQL Server 2014
  • Microsoft SQL Server 2016 (SP2-CU17)
  • Microsoft SQL Server 2017
  • Microsoft SQL Server 2019 CU8 and later
  • Microsoft SQL Server 2022
  • Microsoft SQL Server system requirements available from Microsoft.
Note:
  1. Both Enterprise and Standard editions are supported for the above-mentioned SQL Server versions.
  2. While both 64 and 32 bit versions of SQL Server are supported, using the 64-bit version of SQL Server can result in better performance. The 32-bit version works best for evaluation and small deployments.
  3. If your environment uses a named SQL Server for the AppScan® Enterprise database, make sure that TCP/IP is enabled in the SQL Server configuration manager, and restart the SQL services for SQL Server and SQL Server browser.
  4. Amazon RDS and Azure SQL managed instance are validated for AppScan Enterprise 10.3.0 version
Other Prerequisites
Ensure that ASP.Net is installed and enabled in IIS.
Supported Browsers

Minimum resolution: 1024x768. Higher resolution recommended. ASE supports the latest versions of the following browsers:

  • Google Chrome
  • Microsoft Edge
  • Mozilla Firefox ESR releases

HCL® License Server

Defect Tracking Systems
  • Atlassian JIRA v7.13.18
  • Rational® Team Concert v6.0.6.1
  • Rational® Quality Manager v6.0.6.1
Supported Integrations
  • AppScan® Source v10.0.0 and higher (previous versions are supported for importing of security results only)
  • AppScan® Standard v10.2.0 and higher (due to CVSS 3.1 upgrade importing issues from older versions of AppScan Standard might result in discrepancies of Severity/CVSS scores.)
VM
VMware ESXi 7.0.2

Bundled components

Application Server WebSphere® Application Server Liberty Core 22.0.0.12
Java(TM) SE Runtime Environment IBM J9 VM, Version: java version 1.8.0_351.
Supported technologies
See Supported technologies.

Allowlist

For some Command Execution and Remote File Inclusion security tests, including those for the Log4j vulnerability, both the AppScan Enterprise agent and the tested server must be able to send DNS lookup queries to securityip.appsechcl.com

Translated languages

The AppScan® Enterprise user interfaces are available in these languages:
  • English
  • French
  • German
  • Italian
  • Japanese
  • Korean
  • Brazil Portuguese
  • Russian
  • Spanish
  • Simplified Chinese
  • Traditional Chinese