What's new

This section describes new product features and enhancements in this release, as well as deprecations and anticipated changes, where relevant.

Important notice

Support for IBM licenses in new releases of HCL AppScan will end in Q3 (Aug/Sep) 2020. From then on, new versions will support HCL Licenses only. For instructions on obtaining and installing an HCL License refer to the documentation. For more information contact your HCL representative or contact Support.

New in HCL AppScan Standard version 10.0.1

Action-Based Explore
Improved accuracy and coverage for Automatic Action-Based Exploring.
Testing enhancements
  • Improved error page detection
  • New variant for CVE-2018-7600: Remote Command Execution in Drupal: now detects the vulnerability out of band using the AppScan DNS capability
  • New test for CVE-2018-9206: Unrestricted File Upload in the blueimp jQuery-File-Upload plugin
  • New variant for SSRF: Dotless Hex IP (an IPv4 address written as a single hexadecimal number, for example 0x7f000001 for 127.0.0.1, which bypasses host filters that only recognize the dotted form)
  • Directory Guessing: Added 50 new directory guessing rules
  • Multi-Step Operations: When configured, testing a specific step now also validates the subsequent steps in the sequence for SQL Injection, Command Injection, and Path Traversal (in addition to Cross-Site Scripting). See Multi-Step Operations: Validation
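The Dotless Hex IP variant listed above targets a well-known SSRF filter bypass: the legacy IPv4 literal forms accepted by BSD inet_aton() and most HTTP clients (dotless hex such as 0x7f000001, dotless decimal, octal, and the two- and three-part forms) all denote the same address as 127.0.0.1, yet defeat a filter that string-matches the host. The Python below is an added illustration of that bypass class and of the canonicalisation that closes it; it is not AppScan code and says nothing about how the AppScan test itself is implemented. The URLs and the prefix blocklist are constructed for the example.

```python
"""Legacy IPv4 literals (dotless hex/decimal/octal) as an SSRF filter bypass.

Added illustration, not AppScan code. A naive blocklist that matches the
host string of a user-supplied URL is bypassed by any non-dotted literal;
canonicalising the literal with the inet_aton() grammar first fixes that.
"""
import ipaddress
import re
from typing import Optional
from urllib.parse import urlsplit

_HEX = re.compile(r"^0[xX][0-9a-fA-F]+$")
_OCT = re.compile(r"^0[0-7]*$")          # also matches a bare "0"
_DEC = re.compile(r"^[1-9][0-9]*$")


def _part(text: str) -> Optional[int]:
    """Parse one inet_aton() component: 0x.. is hex, 0.. is octal, else decimal."""
    if _HEX.match(text):
        return int(text[2:], 16)
    if _OCT.match(text):
        return int(text, 8)
    if _DEC.match(text):
        return int(text, 10)
    return None


def parse_legacy_ipv4(host: str) -> Optional[ipaddress.IPv4Address]:
    """Canonicalise the 1- to 4-part IPv4 grammar of BSD inet_aton().

    a        -> one 32-bit value (the "dotless" form)
    a.b      -> a is 8 bits, b is the remaining 24 bits
    a.b.c    -> a, b are 8 bits each, c is 16 bits
    a.b.c.d  -> four 8-bit octets
    Returns None for anything that is not such a literal (e.g. a hostname).
    """
    parts = host.split(".")
    if not 1 <= len(parts) <= 4:
        return None
    values = [_part(p) for p in parts]
    if any(v is None for v in values):
        return None
    # Every component but the last is an octet; the last fills the remaining bits.
    widths = [8] * (len(values) - 1) + [32 - 8 * (len(values) - 1)]
    if any(v >= 1 << w for v, w in zip(values, widths)):
        return None
    packed = 0
    for v, w in zip(values, widths):
        packed = (packed << w) | v
    return ipaddress.IPv4Address(packed)


def host_of(url: str) -> str:
    """Host component of a URL, without port or userinfo (lower-cased by urlsplit)."""
    return urlsplit(url).hostname or ""


# Constructed blocklist of the kind a naive SSRF filter uses.
BLOCKED_PREFIXES = ("127.", "10.", "192.168.", "169.254.", "localhost")


def naive_is_blocked(url: str) -> bool:
    """String-prefix blocklist: defeated by any non-dotted IPv4 literal."""
    return host_of(url).startswith(BLOCKED_PREFIXES)


def canonical_is_blocked(url: str) -> Optional[bool]:
    """Canonicalise the literal, then classify the resulting address.

    Returns None for a hostname other than "localhost": such a name would still
    have to be resolved and the resolved address re-checked (not shown here).
    """
    host = host_of(url)
    if host == "localhost":
        return True
    addr = parse_legacy_ipv4(host)
    if addr is None:
        return None
    return (addr.is_private or addr.is_loopback or addr.is_link_local
            or addr.is_reserved or addr.is_unspecified or addr.is_multicast)


# Constructed payloads: five spellings of 127.0.0.1 plus the link-local
# 169.254.169.254 address commonly used for cloud metadata services.
PAYLOADS = {
    "http://127.0.0.1/admin": "plain dotted quad",
    "http://0x7f000001/admin": "dotless hex",
    "http://2130706433/admin": "dotless decimal",
    "http://017700000001/admin": "dotless octal",
    "http://0x7f.1/admin": "two-part hex",
    "http://0xa9fea9fe/latest/meta-data/": "dotless hex for 169.254.169.254",
}


def compare(urls=tuple(PAYLOADS)):
    """Return {url: (naive_blocked, canonical_blocked, canonical_address)}."""
    result = {}
    for url in urls:
        addr = parse_legacy_ipv4(host_of(url))
        result[url] = (naive_is_blocked(url), canonical_is_blocked(url),
                       str(addr) if addr is not None else None)
    return result


if __name__ == "__main__":
    for url, (naive, canon, addr) in compare().items():
        print(f"{url:38} -> {addr or '-':16} naive={naive!s:5} canonical={canon}")
```

Only the plain dotted quad is caught by the prefix blocklist; every other spelling passes it and is then dereferenced by the HTTP client to the loopback or metadata address. After canonicalisation all six are blocked. For real deployments the same check must also be applied to the address a hostname resolves to, and re-applied after every redirect.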
AppScan Connect
  • You can now download template (SCANT) files, in addition to scan files, from AppScan Enterprise.
  • Added Search capability when downloading files from AppScan on Cloud and AppScan Enterprise.
Issue consolidation
Certain frequently occurring Issues are now consolidated to produce a more compact set of results. For example, Issues that share a single root cause (such as a server configuration setting) but appear in multiple locations across the application are reported as one Issue with several variants. Consolidation reduces the overall number of Issues without losing any of the details.
Note: As a result, a new scan of an unchanged site may show fewer Issues than an earlier scan (but may list more variants of those Issues).
Recording browser
The built-in Chromium browser is now the default and recommended recording browser for Login and Manual Explore in new scans.
Online/Offline Help
You can now choose whether AppScan Help buttons open the Online version of the Help, or a local copy (Offline). Using the Online version is recommended, unless you will be using AppScan without an internet connection. The first time you open AppScan after installing this version, you will be asked to choose Online or Offline, and you can change this choice later in Tools > Options > General tab.
Compliance Reports
Supports the latest DISA Standard Report V4R10.

Fixes and security updates

Fixes and security updates are listed here.

Will be removed in a future release

The following will be removed in a future release:
  • Scan Expert
  • Generic Service Client (GSC)
  • X-Force categorization in Advisories and Issue Details