start portlet menu bar

HCLSoftware: Fueling the Digital+ Economy

Display portlet menu
end portlet menu bar
Select Page

Web applications face an increasing number of security threats every day. Fortunately, application security testing platforms like HCL AppScan are constantly evolving to recognize new vulnerabilities. But with DevOps teams releasing code at faster and faster rates, the time it takes to remediate issues can become a critical pain point. Prioritizing which problems to fix is becoming increasingly important in the face of sometimes overwhelming test results.

HCL AppScan is making that process easier and more efficient using an Auto Issue Correlation algorithm leveraging its IAST solution (Interactive Application Security Testing) available in both its AppScan Enterprise and AppScan on Cloud offerings. These security solutions also include DAST (Dynamic Application Security Testing), SAST (Static Application Security Testing) tools and Auto Issue Correlation makes full use of all of them.

Each testing engine has different strengths and weaknesses, but Automatic Issue Correlation pulls from the strengths when viewing all the data together. For instance, whereas DAST delivers very accurate results, it cannot see the code and provide the level of detail that you get from SAST and IAST scans. But with correlation, you can use your SAST and IAST scans to confirm and enrich the findings of your DAST results.

Likewise, SAST can produce an overwhelming number of findings making it hard to know what to prioritize for remediation. But the accuracy of IAST and DAST scans, when overlayed on top of the SAST results produces a subset of clearly critical issues that are now easier to remediate all at once.

Additionally, SAST fixes cannot be validated since the developers are “inside the box” and only looking at the code unlike DAST and IAST. If an issue can be confirmed as resolved with correlation from these additional engines in the form of status updates, users gain fix validation in addition to the complete coverage and short scan times inherent in SAST.

risk rating

Sample AppScan dashboard showing scans, issues found, and correlations.

Auto Issue Correlation extracts data from each IAST, DAST and SAST issue and then uses a variety of heuristics to identify correlations. This effectively reduces the overall number of vulnerabilities and remediation tasks by grouping issues together where they can be addressed quickly and completely. If a related issue was found by all three testing engines—IAST, DAST and SAST—it moves to the top of the list for remediation. Next in line are issues correlated from IAST and DAST or IAST and SAST. After that priority moves to issues found by IAST or DAST. And once all these fixes have been made, developers can move on to any remaining issues found exclusively by SAST.

IAST with Auto Issue Correlation delivers a more efficient and organized approach to fixing security issues, giving both developers and security teams greater confidence in the outgoing product, no matter how fast the updates keep coming.

Visit to learn more or schedule a demo.


Comment wrap
Secure DevOps | November 28, 2023
Strengthen Your AWS Security with a Comprehensive Application Scanning Integration from HCL AppScan
Strenghten AWS security with HCL AppScan. Continuous testing, custom policies, insights, fail-build compliance, and more. Start 30-day trial!
Secure DevOps | November 2, 2023
Get Hands-On with AppScans Next Virtual Workshop - API Discovery, Secret Key, Vulnerable Components Scanning
Chek out what's new with AppScan Standard, a DAST (Dynamic Application Security Testing) tool designed for security experts and pen-testers that automatically crawls target applications and APIs and tests them for vulnerabilities.
Secure DevOps | August 2, 2023
Wider Application Security Coverage with HCL AppScan DAST and Vulnerable Third-Party Component Detection
HCL AppScan DAST (dynamic application security testing) is an industry-leading technology that scans your applications and APIs against potential vulnerabilities.