Level Up Your Security with HCL AppScan 10.9.0

We’re excited to announce the release of our application security testing tool, HCL AppScan 10.9.0, the latest milestone in our quarterly update strategy. This major release delivers significant improvements in performance, compliance and accessibility across our core on-premises solutions: HCL AppScan Standard and HCL AppScan Source.

With version 10.9.0, we’ve focused on what matters most to you—speed, coverage and ease of use. Whether you're racing to meet compliance deadlines, managing a growing application portfolio, or looking to expand your security testing capabilities, this release is designed to help you do more with less effort.

Enhanced Custom Scripts Capabilities

• Code editor: The JavaScript editor now includes better syntax checks and auto-complete features, making it easier to write and test custom scripts.
• Multi-step operational support: Some applications, especially those with multi-step workflows, can’t be fully covered through automatic scanning alone. In these cases, users can now record the required sequence, which is then automatically executed alongside the regular scan to ensure complete coverage.
• Dynamic form-filler parameters: You can now feed dynamic values from external sources into your forms automatically—ideal for simulating real-world test cases.

WebSocket Testing Gets an Upgrade

Applications today must be interactive, and many use WebSockets (chat apps, live dashboards, etc.). As WebSockets bypass standard HTTP request/response cycles, they can be harder to monitor—making it essential for security tools to scan WebSocket traffic for risks.

While HCL AppScan previously supported WebSocket-based logins, it can now scan WebSocket payloads in JSON/XML for vulnerabilities, enabling it to uncover risks in communication channels that traditional scanners often miss.

Improved Automatic Login Session Identification

Automated login is essential for DAST, as it ensures deeper and more comprehensive application coverage, including access to user-specific and restricted content. Many high-risk vulnerabilities—like privilege escalation and insecure session handling—only surface after authentication, making it essential to thoroughly scan authenticated areas. 

With recent enhancements in login detection and analysis, HCL AppScan now performs automated logins more accurately, significantly improving scan success rates and overall coverage.

Expanded Compliance and Security Testing Capabilities

The latest updates in version 10.9.0 enhance both compliance and security. Compliance reports have been refreshed to reflect the most current security standards, ensuring more accurate and up-to-date assessments. 

Easier Setup and Better Flexibility

The updates to HCL AppScan Source introduce several enhancements designed to improve flexibility, compatibility and security. Users can now compile JSP files using an external Tomcat server and specify their preferred application server and JDK via the command-line interface (CLI). The release also adds support for both floating and node-locked licenses, offering greater licensing flexibility. 

In addition, the Eclipse plug-in is now compatible with the latest versions and installation of AppScan Source is supported on Red Hat Enterprise Linux 8.10 and 9.5. Language detection has been improved for more accurate scans, and the CLI container base image has been upgraded to a modern and secure foundation. 

Accessibility Enhancements

The latest release delivers accessibility enhancements, introducing usability improvements that make the platform more inclusive and aligned with global accessibility standards, including Section 508 and WCAG.

For Accessibility Conformance Report (based on VPAT), please reach out to our support team.

Get Ready for What’s Next

Make the most of HCL AppScan 10.9.0’s powerful new features and improvements. Learn more by visiting our documentation. 

Important Announcement: HCL AppScan is planning licensing changes effective June 2025.

We strongly recommend upgrading now to take full advantage of the latest features and stay ahead of upcoming changes.