What's new

This section describes new product features and enhancements in this release, as well as deprecations and anticipated changes, where relevant.

New in HCL AppScan Standard version 10.0.2

Notice: For HCL AppScan version 10.0.2 and newer, an HCL license is required. HCL AppScan versions 10.0.2 and newer do not support IBM licenses. See the product documentation for instructions on installing an HCL license. For more information, contact your HCL representative or HCL Support.

  • Incremental scan improvements:
    • New wizard for running Incremental scans. See Incremental scan wizard.
    • "New" column added to Application Data view, and "New" label for Issue Details, indicating new issues found by the Incremental scan.
  • Angular applications: Improved coverage for scanning Angular applications.
  • AWS Authentication support: If your AWS application requires AWS Signature Version 4, you can now configure this in AppScan. See Scan Configuration dialog box > 3rd Party Authentication view.

  • Security improvements:
    • New cryptography issues: The ROBOT Attack and Forward Secrecy
    • GhostCat vulnerability: CVE-2020-1938
    • New information leakage issues: New issues for Server, X-Powered-By, X-AspNet-Version and X-AspNetMvc-Version headers
    • New tests for Blind XPath injection and Blind LDAP injection
    • New encoded payloads for Command injection
    • XSS Analyzer: Now supports Referer Header

Fixes and security updates

Fixes and security updates are listed here.

Will be removed in a future release

The following will be removed in a future release:
  • Scan Expert
  • Generic Service Client (GSC)
  • X-Force categorization in Advisories and Issue Details
  • Malware detection capability