start portlet menu bar

HCLSoftware: Fueling the Digital+ Economy

Display portlet menu
end portlet menu bar
Select Page

Web applications face an increasing number of security threats every day. Fortunately, application security testing platforms like HCL AppScan are constantly evolving to recognize new vulnerabilities. But with DevOps teams releasing code at faster and faster rates, the time it takes to remediate issues can become a critical pain point. Prioritizing which problems to fix is becoming increasingly important in the face of sometimes overwhelming test results.

HCL AppScan is making that process easier and more efficient using an Auto Issue Correlation algorithm leveraging its IAST solution (Interactive Application Security Testing) available in both its AppScan Enterprise and AppScan on Cloud offerings. These security solutions also include DAST (Dynamic Application Security Testing), SAST (Static Application Security Testing) tools and Auto Issue Correlation makes full use of all of them.

Each testing engine has different strengths and weaknesses, but Automatic Issue Correlation pulls from the strengths when viewing all the data together. For instance, whereas DAST delivers very accurate results, it cannot see the code and provide the level of detail that you get from SAST and IAST scans. But with correlation, you can use your SAST and IAST scans to confirm and enrich the findings of your DAST results.

Likewise, SAST can produce an overwhelming number of findings making it hard to know what to prioritize for remediation. But the accuracy of IAST and DAST scans, when overlayed on top of the SAST results produces a subset of clearly critical issues that are now easier to remediate all at once.

Additionally, SAST fixes cannot be validated since the developers are “inside the box” and only looking at the code unlike DAST and IAST. If an issue can be confirmed as resolved with correlation from these additional engines in the form of status updates, users gain fix validation in addition to the complete coverage and short scan times inherent in SAST.

risk rating

Sample AppScan dashboard showing scans, issues found, and correlations.

Auto Issue Correlation extracts data from each IAST, DAST and SAST issue and then uses a variety of heuristics to identify correlations. This effectively reduces the overall number of vulnerabilities and remediation tasks by grouping issues together where they can be addressed quickly and completely. If a related issue was found by all three testing engines—IAST, DAST and SAST—it moves to the top of the list for remediation. Next in line are issues correlated from IAST and DAST or IAST and SAST. After that priority moves to issues found by IAST or DAST. And once all these fixes have been made, developers can move on to any remaining issues found exclusively by SAST.

IAST with Auto Issue Correlation delivers a more efficient and organized approach to fixing security issues, giving both developers and security teams greater confidence in the outgoing product, no matter how fast the updates keep coming.

Visit to learn more or schedule a demo.


Comment wrap
Secure DevOps | February 12, 2024
Mobile Application Security Testing Continues Upward Trajectory
Cybersecurity threats on the rise? Secure your mobile apps with HCL AppScan. Top-tier solutions for developers in a $3.2B market. Learn more from the Forrester Wave™ report (Q3, 2023).
Secure DevOps | December 20, 2023
Secure Application Code Against Vulnerabilities Faster with HCL AppScan Fix Groups
Stop in for an update on how HCL AppScan helps find vulnerabilities and security risks, starting with built in AI that dramatically reduces the number of scan findings and practically eliminates false positives.
Secure DevOps | December 13, 2023
HCL AppScan 10.4.0 Delivers Greater Speed, Accuracy, and Automation for Customers
Explore HCL AppScan 10.4.0 for enhanced application security testing automation. Faster scan times, accurate results, and seamless integration with GitLab and GitHub.