What's new

This section describes new AppScan Standard product features and enhancements in this release, as well as deprecations and anticipated changes, where relevant.

New in HCL AppScan Standard 10.1.0

  • New template for scanning a GraphQL web API: Load and adjust the template configuration yourself or simply use the web API wizard and select GraphQL as the API type. See GraphQL.
  • Reworked action-based web crawler: AppScan’s action-based web crawler has undergone a thorough overhaul, and now offers:
    • Improved memory consumption, together with
    • Similar or better coverage.
    In the unlikely event of reduced coverage for your application, please contact Support.
  • Conveniently group security issues by "issue type" or "remediation task" for triage.
  • Scan file size has been reduced.
  • Upload scan results to AppScan on Cloud (AppScan Connect menu).
  • The PyScan extension, which enables you to control AppScan through Python, is now available on GitHub. See PyScan on GitHub.

Fixes and security updates

New security rules in this release include:
  • attWebminFileManagerRCECVE20220824 - Added detection of Webmin RCE in file manager (CVE-2022-0824)

For a complete list of fixes, security rule updates, and RFEs in this release, see AppScan Standard Fix List.

Changed in this release

  • The Explore Optimization module has been removed.

Upcoming changes

The following will be removed in a future release:
  • The old UI is still accessible in this release (but has not been updated since version 10.0.7). It will be removed altogether in the next release (see here).
  • The Web Services, The Vital Few, and Developer Essentials test policies will be removed, as similar results can now be achieved using other policies (see here).
  • The ability to export scan results as XML for versions of AppScan Enterprise earlier than 9.0.3.1 will be removed.
  • CVSS 2.0 scoring will be dropped and replaced with CVSS 3.1 scoring.
  • The ability to edit the CVSS rating for an issue will be removed.