Organizations today are rethinking their technology foundations—not merely modernizing stacks, but rearchitecting them to be AI-native, resilient, and regulation-ready. To make this shift successful, you need security that doesn't just keep pace—it must lead the transformation.
Building on this momentum, we’re excited to introduce HCL AppScan 10.10—not just another upgrade, but a response to the challenges teams like yours are navigating right now.
The latest release introduces built-in coverage for LLM-based risks, enhanced scanning capabilities, expanded language and compliance support, and a more intuitive user experience across our on-prem solutions—HCL AppScan Standard, Enterprise, and Source.
Introducing DAST for LLM-powered Applications
As AI becomes increasingly central to business applications, new security risks are emerging. Large Language Models (LLMs) can unintentionally expose sensitive data, fall victim to prompt injection, generate misinformation, or trigger other unintended behaviors, and these risks grow as AI adoption increases.
HCL AppScan’s DAST for LLM-augmented web applications addresses these gaps by detecting risks in LLM-based workflows, in addition to identifying traditional vulnerabilities in APIs and web applications.
This makes HCL AppScan a one-of-a-kind solution, offering a holistic, full-stack approach that combines discovery and LLM scanning, unlike other solutions, which lack this level of integrated coverage.
Custom Scripts Enhancements
Creating and maintaining custom scripts can be complex as they involve multiple steps, rules, and interactions that must coordinate properly to function as expected.
To simplify the process, HCL AppScan now offers improved documentation and enhanced editing capabilities, including autocomplete features that provide additional JavaScript methods and types. These updates make it easier for users to write, modify, and maintain scripts accurately, reducing errors and improving overall workflow.
Enterprise Security and Compliance
HCL AppScan Version 10.10 enables enterprise teams to secure applications faster, with less friction and full compliance. Key improvements include:
GenAI-powered error page detection: Error page detection—previously available in HCL AppScan Standard—is now extended to HCL AppScan Enterprise.
Applications sometimes display errors caused by routine issues—not security problems—but scanners can mistakenly identify them as vulnerabilities, creating unnecessary noise, false positives, and longer analysis times. Using Intelligent Finding Analytics (IFA) with Azure OpenAI, HCL AppScan leverages GenAI to accurately identify real error responses, filter noise, and streamline scan execution. This leads to higher accuracy, fewer false positives, and faster dynamic testing.
REST API enhancements: Managing large-scale security scans across multiple teams and tools often means manually updating scan settings, waiting for reports, and navigating complex workflows—all of which slow down automation and delivery cycles.
With the latest release, REST API capabilities have been expanded to give teams more control and speed:
- Improved API scanning flows: Teams can now modify or update scan parameters directly via API, offering greater flexibility in managing scans. New advanced sorting options further enhance efficiency and usability.
- Expanded REST APIs for automation: Faster issue retrieval and direct PDF report downloads via APIs.
FIPS alignment and platform support: With enhanced alignment to Federal Information Processing Standards (FIPS), HCL AppScan Enterprise v10.10 further improves data protection and ensures continued suitability for federal and other regulated environments. Official support for Microsoft Windows Server 2025 has also been added for smooth operations across modern enterprise infrastructures.
Expanded Regulatory and Risk Coverage
Outdated reports and limited detection rules create gaps in compliance and risk coverage, making it more challenging for teams to keep up with evolving standards.
To provide up-to-date coverage for these emerging requirements, the release adds two new compliance reports: OWASP Top 10 for LLM Applications 2025 and Canada ITSG-33. Key existing reports, such as PCI DSS, ISO, and GDPR, have also been updated to their latest versions.
On the security side, 10+ new detection rules extend coverage across frameworks. The improvements also enable HCL AppScan to better handle dynamic web applications, such as Single Page Applications (SPAs), which load content dynamically on a single page, ensuring more thorough scanning and greater visibility into threats.
Language Accuracy and Reporting Improvements
With every release, HCL AppScan continues to keep pace with modern development ecosystems. In version 10.10, language support and reporting accuracy have been expanded and refined, including extended Java support up to version 25 and enhanced .NET coverage in HCL AppScan Source.
This means you can confidently adopt the latest frameworks, languages, and tools while maintaining high security standards.
What’s Next
HCL AppScan remains committed to advancing the platform to address the evolving demands of application security testing, AI safety, and regulatory compliance, delivering more intelligent and adaptive capabilities. Upgrade to Version 10.10 today to take full advantage of these enhancements.
Need help? Reach out to our support team for guidance on upgrading or to get answers to any questions you may have.