start portlet menu bar

HCLSoftware: Fueling the Digital+ Economy

Display portlet menu
end portlet menu bar
start portlet menu bar end portlet menu bar
Close
Select Page
Secure DevOps
  | July 26, 2024

HCL AppScan 10.6.0 Widens Security Coverage with Enhanced OpenAPI Scanning

Adam Cave
Adam Cave
Product Marketing Manager, HCL AppScan
HCL AppScan 10.6.0 Widens Security Coverage with Enhanced OpenAPI Scanning

HCL AppScan 10.6.0 empowers developers and security professionals with enhanced capabilities to streamline and strengthen application security testing (AST). This newly released version includes multiple feature updates for three on-prem products – HCL AppScan Standard, HCL AppScan Enterprise, and HCL AppScan Source. OpenAPI scanning and more seamless cross-platform functionality are some of the standouts in this quarterly release.

Improved API Security with Automated OpenAPI Scanning

A major highlight of HCL AppScan Standard 10.6.0 are enhancements that enable OpenAPI automatic scanning. This innovative approach leverages the OpenAPI Specification (Swagger) to streamline AST for RESTful APIs. Here's how it benefits you:

Effortless Configuration

Leverage your existing OpenAPI description file to automatically configure scans. No need for manual configuration or endpoint discovery.

Enhanced Coverage

Scan all API endpoints comprehensively, ensuring no security vulnerabilities slip through the cracks.

Superior Vulnerability Detection

Advanced scanning techniques identify a wider range of vulnerabilities within your APIs.

Overall, OpenAPI scanning delivers faster, more thorough, and more relevant security assessments for your APIs. This translates to earlier detection and remediation of potential security issues, ultimately strengthening your API security posture.

Seamless Integration with HCL AppScan 360°

Version 10.6.0 of HCL AppScan Standard includes a redesigned connection method (HCL AppScan Connect) for a more intuitive connection interface, making it easier to establish connections with other HCL AppScan products. One of these products is HCL AppScan 360º, the self-hosted, cloud-native application security testing platform. The updated HCL AppScan Connect now enables you to:

Create Scans from HCL Appscan Standard

Effortlessly initiate scans within HCL AppScan 360º using configurations defined in HCL AppScan Standard.

Upload Scan Results

Upload security scan results generated by HCL AppScan Standard directly into HCL AppScan 360° for centralized management and analysis.

This seamless integration empowers you to leverage the strengths of both solutions, streamlining your security testing workflow and fostering a holistic application security strategy.

Faster Scans and more Contextualized Results

In the battle to achieve accurate scan results as fast as possible, HCL AppScan Standard has made another jump forward adding a new ‘Save only one variant per issue test’ option. This method of scan time optimization streamlines scans by focusing on identifying the first instance of a vulnerability, reducing the overall scan time without compromising accuracy.

Scan reports now also include CVSS (Common Vulnerability Scoring System) vectors, providing valuable insights into the severity of identified vulnerabilities. 

HCL AppScan Standard 10.6.0 also incorporates a variety of user experience improvements designed to simplify and expedite security testing tasks:

  • Enhanced Scan Configuration Usability: A series of redesigned dialogs streamline scan configuration for tasks like importing explored data, excluding paths, and managing client-side certificates.
  • Multiple Domain Import: Effortlessly import multiple domains for scanning using a simple CSV file.

Enhanced Security and Analytics in HCL AppScan Enterprise

HCL AppScan Enterprise 10.6.0 also introduces valuable features to bolster your security posture:

  • CVSS Vector Display: The Monitor page now also displays CVSS (Common Vulnerability Scoring System) vectors for identified issues, providing deeper insights into your vulnerabilities.
  • Enhanced CWE Mapping: AppScan now maps multiple CWEs (Common Weakness Enumerations) to issues, offering a broader perspective on potential security risks.
  • Deeper Analytics with Upgraded Dashboard: The Monitor page dashboard now features additional filters, enabling more in-depth analysis of your security findings.

Enhanced Reporting and Compliance

HCL AppScan Version 10.6.0 introduces new regulatory compliance reports for both HCL AppScan Standard and HCL AppScan Enterprise that generate reports aligned with industry standards. Examples:

  • OWASP Cloud-Native Application Security Top 10: a comprehensive list of the most critical security risks associated with cloud-native applications from the non-profit foundation Open Web Application Security Project (OWASP).
  • Network and Information Security Directive (NIS2): an updated EU-wide law designed to enhance cybersecurity across the European Union with expanded coverage and stricter business requirements.

Additional Enhancements in HCL AppScan Source

Beyond the headline features, HCL AppScan Source 10.6.0 delivers a range of additional enhancements designed to keep you ahead of the evolving security landscape. Here's a closer look at some of these improvements:

Expanded Platform and Framework Support:

  • Windows Server 2022: Scan your applications seamlessly on the latest Windows Server version.
  • IBM WebSphere Application Server 9: Ensure the security of your applications running on this popular application server.
  • .NET 8 Support: Scan applications built with the newest version of the .NET framework.
  • Eclipse Plugin Compatibility: The AppScan Eclipse plugin now supports versions from 2022-09 to 2024-03, ensuring compatibility with your development environment.

Enhanced Reporting and Compliance:

  • New Report: DISA STIG v5r3: Generate reports aligned with the latest DISA Security Technical Implementation Guide (STIG) v5r3, simplifying compliance efforts for government agencies.

Staying Up-to-Date with Technology Advancements:

  • Makefile Scanning: Identify vulnerabilities within Makefiles in C/C++ projects.
  • Global Secrets Scanning: Enable secrets scanning across all your scans in order to simplify the process of identifying sensitive information leaks.
  • Improved Scanners: Benefit from enhancements to the Secrets Scanner, Java Scanner, JavaScript Scanner, and Python Scanner for more comprehensive vulnerability detection.

Conclusion

HCL AppScan 10.6.0 delivers a powerful suite of enhancements for both HCL AppScan Standard and HCL AppScan Enterprise. With a focus on faster and more thorough API security testing, improved integration, enhanced reporting, and a streamlined user experience, this release empowers you to build and maintain secure applications with greater efficiency.

Ready to experience the power of HCL AppScan 10.6.0? Visit the HCLSoftware website to earn more and download your free trial today!

Comment wrap
Adam Cave
Adam Cave
Product Marketing Manager, HCL AppScan
Adam Cave is a successful marketing professional, writer, content creator, and graphic designer. He has a broad array of experience in the fields of application security, book and magazine publishing, teaching, public speaking, and fine art.
Read more

Topics in this article:

HCL AppScanApplication security testingAPI securityOpenAPI scanningHCL AppScan StandardHCL AppScan EnterpriseHCL AppScan SourceHCL AppScan 360°CybersecurityVulnerability scanningRegulatory complianceOWASPNIS2DISA STIG

Start a Conversation with Us

We’re here to help you find the right solutions and support you in achieving your business goals.

Connect with us

Submit a Comment

Your email address will not be published. Required fields are marked *

* HCL provides software and services to the U.S. Federal Government through its partner Four, Inc. Please contact Four, Inc. at the U.S. Federal Government contact page.


appscan
Secure DevOps | October 17, 2024
Unlock Hidden Malware with HCL AppScan’s New SCA Features
Detect hidden malware in open-source components with HCL AppScan's new Runtime SCA. Secure your software supply chain and keep operations running smoothly.
Uffe Sorensen
Ryley Robinson
Project Marketing Manager
appscan
Secure DevOps | October 17, 2024
New Report Sheds Light on Software Supply Chain Risks
91% of organizations faced software supply chain attacks in 2023! Learn to protect your business with this report on vulnerabilities and mitigation strategies.
Uffe Sorensen
Ryley Robinson
Project Marketing Manager
appscan
Secure DevOps | October 17, 2024
AI in Application Security: Powerful Tool or Potential Risk?
AI is revolutionizing application security testing. Learn how AI-powered tools enhance vulnerability detection and improve accuracy, while also considering potential risks.
Uffe Sorensen
Ryley Robinson
Project Marketing Manager
start portlet menu bar end portlet menu bar