Modern applications bring modern security challenges. To ensure our customers do not fall behind, we’re releasing our quarterly update: HCL AppScan 10.11.0, the latest version of our on-premises solutions, AppScan Standard and Source. Each release delivers timely enhancements that address emerging risks, align with evolving standards, and help our customers confidently leverage modern technologies.
Here’s a closer look at the key enhancements in this release and why they matter for your security strategy.
Smarter Detection of Critical Access Control Risks
Broken access control remains one of the most critical application security risks, consistently ranking at the top of the OWASP Top 10. These vulnerabilities allow attackers to gain unauthorized access to sensitive data or functionality.
In AppScan Standard 10.11.0, we’ve improved the detection of privilege escalation, a critical exploit arising from a broken access control vulnerability. By leveraging explored application data to validate security, AppScan Standard can now identify vulnerabilities that occur during real user interactions or workflows. This ensures more accurate and reliable detection of critical vertical and horizontal access control risks, helping you safeguard sensitive assets.
Security that Harnesses AI and Future-proofs for Quantum
Support for Latest Azure OpenAI Models
AI is transforming modern security tools, and HCL AppScan is no exception. With this release, DAST Intelligent Findings Analytics (IFA) now supports Azure OpenAI 5.x models, enabling organizations to harness cutting-edge AI to analyze scan findings and generate actionable insights. This ensures your security tools remain aligned with the latest AI models.
Post-Quantum Encryption Safety Check
While quantum computing is still emerging, it poses a potential threat to many cryptographic methods used today. The latest release introduces a new security rule to detect encryption methods that may not withstand quantum-powered attacks. When such methods are identified, AppScan raises a vulnerability alert, empowering teams to proactively migrate to quantum-resistant encryption before these technologies become a threat.
Faster Triage with Discovery, Visibility and Prioritization
CVSS 4.0 Support for Modern Vulnerability Management
Many organizations today rely on the Common Vulnerability Scoring System (CVSS) to prioritize and manage security risks. AppScan 10.11 now supports CVSS 4.0, allowing teams to track both CVSS 3.1 and 4.0 metrics. This dual support enables more accurate vulnerability prioritization, allows comparison of scoring across versions, and supports up-to-date, reliable vulnerability management.
Automatic Domain Discovery for Better Scan Coverage
Modern applications often span multiple domains, making it important for security scans to capture the full application footprint. The latest version enhances domain discovery by automatically including newly identified domains in the scan scope. After a scan, AppScan displays the newly discovered domains, simplifying the process of expanding testing coverage.
Improved API Visibility with Swagger/OpenAPI Discovery
APIs are the backbone of modern applications, yet many organizations struggle with API visibility during security testing. In this release, AppScan raises an informational alert when it discovers a Swagger/OpenAPI definition file, ensuring that exposed APIs are visible in the Dashboard and included in security testing.
Elevating Compliance and User Experience
The new version is aligned with modern standards, enhancing automation and simplifying workflows to make security management easier while delivering a better user experience.
- OWASP Top 10 2025: Our compliance reporting now reflects the latest OWASP Top 10 2025 benchmarks, helping organizations reduce risk exposure and streamline adherence to the latest industry standards.
- Expanded Automatic Login: We’ve expanded automatic login capabilities to support applications built with the Vue.js framework, allowing security scans to access all areas of the app automatically. This saves time, reduces manual errors, and ensures more reliable testing within CI/CD pipelines.
- Modernized Interface: A series of enhancements and redesigns have been made to improve the usability of several dialogs, enabling more security coverage, reducing setup errors, and simplifying navigation.
Flutter Support and Accuracy Improvements
HCL AppScan Source continues to support modern development environments. Its latest version introduces support for Flutter (Dart), enabling teams building cross-platform mobile applications to scan their code early in development. This ensures consistent security across apps while reducing vulnerabilities.
Additionally, this release delivers accuracy improvements across widely used languages and frameworks, along with platform upgrades to enhance stability, security, and compatibility with modern enterprise environments.
Plan Your Upgrade
As part of our ongoing lifecycle updates, version 10.7.0 for AppScan Standard, Source, and Enterprise will be removed from My HCLSoftware (HCLSoftware’s product distribution platform) on June 30, 2026, ahead of its formal End of Support (EOS) on March 30, 2027. We encourage customers to upgrade to the latest version to stay protected, benefit from the latest enhancements, and maintain a strong security posture against both current and emerging threats.
For further information on this release or guidance on upgrading, please read the product documentation for AppScan Standard and AppScan Source or contact our support channel for assistance.