What's new

This section describes new product features and enhancements in this release, as well as deprecations and anticipated changes, where relevant.

New in HCL AppScan Standard version 10.0.0

Test Optimization
The new Test Optimization slider lets you control the extent of tradeoff between issue coverage and scan speed. Test Optimization selectively sends tests most likely to discover significant issues in your application, so during product development you can take advantage of faster scans with a relatively small loss of thoroughness. You can choose between four optimization levels, for various needs such as initial testing, DevSecOps, pre-release, compliance and more. The fastest option includes a Test stage up to 10 times faster than a non-optimized scan, with approximately 70% of the vulnerability coverage. For details, see Test Optimization view of the Configuration dialog box.
Note: For new scans, the "Fast" setting is selected by default.
Incremental scans
This new feature offers shorter re-scans by identifying changes in the application to greatly reduce the number of tests sent during a re-scan. Options are:
  • Test only new parts of the application.
  • Test new parts of the application, and retest parts where issues were previously found. Tests that did not reveal vulnerabilities in the original scan are not re-sent to the same parts of the site in the re-scan.
For details, see Incremental scans.
Optimized Action-Based Explore with Machine Learning
Improved Explore stage efficiency using Machine Learning. AppScan can predict actions that are likely to lead to already-discovered parts of the site, so it can avoid them. See the "Use Machine Learning to analyze and skip redundant actions" check box in Action-Based tab.
AppScan Connect
AppScan now has greater connectivity with AppScan on Cloud and AppScan Enterprise:
  • The Welcome Screen provides central login access which maintains sessions when AppScan is closed and reopened. For details, see Welcome screen.
  • The AppScan Connect icon on the main toolbar has four options:
    • Create scan in AppScan on Cloud
    • Create scan (job) in AppScan Enterprise
    • Create scan template in AppScan Enterprise
    • Upload scan results to AppScan Enterprise
    For details, see Main toolbar.
  • Open AppScan Enterprise and AppScan on Cloud scans: When connected with AppScan Connect, you can now open AppScan Enterprise and AppScan on Cloud scans to edit or use with AppScan Standard. Note that the scan file is downloaded and saved to the AppScan Standard machine, and changes you make will not be made to the source scan file in the original application. For details, see Welcome screen.
AppScan DNS for Out-Of-Band vulnerabilities
Improved detection of vulnerabilities that cannot be directly detected through the tested application, such as OS Commanding, SSRF, and XXE attacks, using AppScan DNS resolution.
Documentation
The AppScan Help file format has been improved and now opens in your default browser. The documentation is now available in English, French, Japanese, Simplified Chinese and Traditional Chinese.

Removed in this version

The following features have been removed as of this release:
  • Flash execution and parsing
  • Glass Box Scanning
  • Pyscan (2.6.6) Extension

Will be removed

The following will be removed in a future release:
  • Scan Expert
  • Generic Service Client (GSC)
  • X-Force categorization in Advisories and Issue Details