HCL AppScan 10.6.0 empowers developers and security professionals with enhanced capabilities to streamline and strengthen application security testing (AST). This newly released version includes multiple feature updates for three on-prem products – HCL AppScan Standard, HCL AppScan Enterprise, and HCL AppScan Source. OpenAPI scanning and more seamless cross-platform functionality are some of the standouts in this quarterly release.
Improved API Security with Automated OpenAPI Scanning
A major highlight of HCL AppScan Standard 10.6.0 is the set of enhancements that enable automatic OpenAPI scanning. This approach leverages the OpenAPI Specification (Swagger) to streamline AST for RESTful APIs. Here's how it benefits you:
Effortless Configuration
Leverage your existing OpenAPI description file to automatically configure scans. No need for manual configuration or endpoint discovery.
Enhanced Coverage
Scan all API endpoints comprehensively, ensuring no security vulnerabilities slip through the cracks.
Superior Vulnerability Detection
Advanced scanning techniques identify a wider range of vulnerabilities within your APIs.
Overall, OpenAPI scanning delivers faster, more thorough, and more relevant security assessments for your APIs. This translates to earlier detection and remediation of potential security issues, ultimately strengthening your API security posture.
Seamless Integration with HCL AppScan 360°
Version 10.6.0 of HCL AppScan Standard includes a redesigned connection method (HCL AppScan Connect) with a more intuitive connection interface, making it easier to establish connections with other HCL AppScan products. One of these products is HCL AppScan 360°, the self-hosted, cloud-native application security testing platform. The updated HCL AppScan Connect now enables you to:
Create Scans from HCL AppScan Standard
Effortlessly initiate scans within HCL AppScan 360° using configurations defined in HCL AppScan Standard.
Upload Scan Results
Upload security scan results generated by HCL AppScan Standard directly into HCL AppScan 360° for centralized management and analysis.
This seamless integration empowers you to leverage the strengths of both solutions, streamlining your security testing workflow and fostering a holistic application security strategy.
Faster Scans and More Contextualized Results
In the battle to achieve accurate scan results as fast as possible, HCL AppScan Standard has made another jump forward by adding a new ‘Save only one variant per issue test’ option. This scan-time optimization streamlines scans by focusing on identifying the first instance of a vulnerability, reducing the overall scan time without compromising accuracy.
Scan reports now also include CVSS (Common Vulnerability Scoring System) vectors, providing valuable insights into the severity of identified vulnerabilities.
HCL AppScan Standard 10.6.0 also incorporates a variety of user experience improvements designed to simplify and expedite security testing tasks:
- Enhanced Scan Configuration Usability: A series of redesigned dialogs streamline scan configuration for tasks like importing explored data, excluding paths, and managing client-side certificates.
- Multiple Domain Import: Effortlessly import multiple domains for scanning using a simple CSV file.
Enhanced Security and Analytics in HCL AppScan Enterprise
HCL AppScan Enterprise 10.6.0 also introduces valuable features to bolster your security posture:
- CVSS Vector Display: The Monitor page now also displays CVSS (Common Vulnerability Scoring System) vectors for identified issues, providing deeper insights into your vulnerabilities.
- Enhanced CWE Mapping: AppScan now maps multiple CWEs (Common Weakness Enumerations) to issues, offering a broader perspective on potential security risks.
- Deeper Analytics with Upgraded Dashboard: The Monitor page dashboard now features additional filters, enabling more in-depth analysis of your security findings.
Enhanced Reporting and Compliance
HCL AppScan Version 10.6.0 introduces new regulatory compliance reports for both HCL AppScan Standard and HCL AppScan Enterprise that generate reports aligned with industry standards. Examples:
- OWASP Cloud-Native Application Security Top 10: a comprehensive list of the most critical security risks associated with cloud-native applications from the non-profit foundation Open Web Application Security Project (OWASP).
- Network and Information Security Directive (NIS2): an updated EU-wide law designed to enhance cybersecurity across the European Union with expanded coverage and stricter business requirements.
Additional Enhancements in HCL AppScan Source
Beyond the headline features, HCL AppScan Source 10.6.0 delivers a range of additional enhancements designed to keep you ahead of the evolving security landscape. Here's a closer look at some of these improvements:
Expanded Platform and Framework Support:
- Windows Server 2022: Scan your applications seamlessly on the latest Windows Server version.
- IBM WebSphere Application Server 9: Ensure the security of your applications running on this popular application server.
- .NET 8 Support: Scan applications built with the newest version of the .NET framework.
- Eclipse Plugin Compatibility: The AppScan Eclipse plugin now supports versions from 2022-09 to 2024-03, ensuring compatibility with your development environment.
Enhanced Reporting and Compliance:
- New Report: DISA STIG v5r3: Generate reports aligned with the latest DISA Security Technical Implementation Guide (STIG) v5r3, simplifying compliance efforts for government agencies.
Staying Up-to-Date with Technology Advancements:
- Makefile Scanning: Identify vulnerabilities within Makefiles in C/C++ projects.
- Global Secrets Scanning: Enable secrets scanning across all your scans in order to simplify the process of identifying sensitive information leaks.
- Improved Scanners: Benefit from enhancements to the Secrets Scanner, Java Scanner, JavaScript Scanner, and Python Scanner for more comprehensive vulnerability detection.
Conclusion
HCL AppScan 10.6.0 delivers a powerful suite of enhancements for both HCL AppScan Standard and HCL AppScan Enterprise. With a focus on faster and more thorough API security testing, improved integration, enhanced reporting, and a streamlined user experience, this release empowers you to build and maintain secure applications with greater efficiency.
Ready to experience the power of HCL AppScan 10.6.0? Visit the HCLSoftware website to learn more and download your free trial today!