Improved application security testing automation, scan speeds and accuracy are just a few of the highlights of HCL AppScan 10.4.0.
This new release for HCL AppScan Standard, Enterprise, and Source empowers developers, DevOps, and security teams with a suite of technologies (SAST, DAST, IAST, SCA, API) to pinpoint application vulnerabilities for quick remediation in every phase of the software development lifecycle.
With the release of Version 10.4.0, customers using on-prem application security testing solutions will have access to the latest CVE updates for vulnerable third-party components, multiple secrets scanning configuration options, and an increased list of compliance reports.
Faster scan times, faster remediation, greater accuracy
- Scan times – Now customers with an IAST subscription can improve DAST scan configuration by identifying the OS, Framework, Platform, Servers, etc. to reduce the scan scope and save time by eliminating tests that are not necessary.
- Remediation – HCL AppScan DAST can also leverage IAST Total to provide a call stack for detected vulnerabilities. This information enables deeper insights into the application components, parameters, endpoints, etc., and detects the exact vulnerability location, which helps in faster triaging and remediation.
- Accuracy – HCL AppScan IAST Total runs within your runtime environment and is enabled with deeper knowledge of the scan components. It provides greater insight into the application backend as well as the components used, all of which results in deeper scan coverage and more accurate results.
Vulnerable third-party component detection
Completely securing your software in today’s fast-moving Digital+ economy includes knowing which of your third-party components have vulnerabilities that need to be addressed. Now HCL AppScan customers will not have to wait for a quarterly release in order to gain access to the latest CVE updates related to third-party components. In Version 10.4.0, this list is continuously updated so that patches can be uploaded from a central server as soon as they are available.
Improved reporting in HCL AppScan Enterprise and Standard
HCL AppScan Enterprise Version 10.4.0 has improved customers’ ability to measure scan coverage by adding a report listing all scanned URLs. Additionally, both HCL AppScan Enterprise and HCL AppScan Standard include new and updated regulatory compliance reports:
- [SA] Protection of Personal Information Act (PoPIA)
- [US] The Federal Risk and Authorization Management Program (FedRAMP)
- [US] DISA's Application Security and Development STIG, V5R2
- [US] Federal Information Security Modernization Act (FISMA)
Secrets Scanning enhancements in HCL AppScan Source
In the ever-evolving landscape of cybersecurity, staying ahead demands continuous innovation. HCL AppScan Source Version 10.4.0 introduces a range of upgrades aimed at empowering businesses to fortify their defenses while streamlining their automation processes.
One of the key highlights includes the enhanced Secrets Scanner, which now provides users with options similar to those available in HCL AppScan on Cloud. Notably, users can now run secret scans independently or as part of a concurrent operation alongside SAST scans.
Improved automation in GitLab and GitHub
HCL AppScan Source Version 10.4.0 has also improved its automation capabilities, setting new standards for ease and efficiency. Users can now access examples of GitLab and GitHub scanning workflows, simplifying the integration of security checks into their development pipelines. The Source CLI has also undergone a significant enhancement, ensuring a smoother automation experience. By introducing a feature that waits for license availability before initiating scans, the CLI eliminates potential failures due to unavailable licenses, offering a more reliable and hassle-free automation process.
The wide array of updates in HCL AppScan 10.4.0 is a key component of an aggressive innovation roadmap that puts customers first with a focus on building the industry’s best security testing and management tools.
Visit HCL AppScan online today to learn more about these on-prem application security solutions as well as our flagship cloud offering, HCL AppScan on Cloud (free trials available), and our cloud-native offering, HCL AppScan 360.