As the risks and costs of data breaches and cybercrime continue to climb, organizations worldwide are looking for ways to not only integrate comprehensive application security into their DevOps pipelines, but also stay compliant with a growing list of government and industry regulations. In many cases, the security risks and compliance regulations restrict or eliminate the ability to deploy in a public cloud environment. This is certainly the case for US Federal government agencies, and increasingly for organizations in Europe and around the globe.
HCL AppScan 360º was first launched in 2023 to provide a modern, cloud-native application security platform designed explicitly for on-premises and private cloud deployments. With the release of version 1.6.0, HCL AppScan 360º delivers significant updates around compliance standards, updated licensing, advanced API testing, and an improved user experience.
From federal compliance adherence to intuitive dashboard improvements, this new release ensures robust, efficient, and user-friendly application security management.
Federal Compliance Updates
AppScan 360º version 1.6.0 achieves FIPS 140-3 compliance, meeting rigorous federal standards for cryptographic security. Customers utilizing the FIPS-compliant version will require an Ubuntu Pro license to ensure a secure and certified environment.
Additionally, the Application Security and Development Security Technical Implementation Guide (STIG) has been updated to Version 6 Release 1, further enhancing federal compliance support. Version 1.6.0 also introduces IPv6 support alongside seamless interoperability between IPv6 and IPv4 networks, ensuring robust network flexibility and compliance with modern standards.
Please consult our United States government regulation compliance documentation for detailed compliance information.
HCL AppScan 360º Version 1.6.0 also includes the following reporting enhancements:
- EU Digital Operational Resilience Act (DORA) compliance reports.
- OWASP Application Security Verification Standard (ASVS) compliance reports.
Enhanced Platform and Usability
HCL AppScan constantly reviews customer feedback to update and improve the user experience. Here are a few of the most notable updates in version 1.6.0.
- Dashboard filtering: Users can now filter dashboards by specific applications, allowing focused and efficient monitoring of areas critical to operations.
- Dark mode support: AppScan 360º now includes an optional dark theme, which enhances viewing comfort and reduces visual fatigue during extended usage.
- Quick application setup: Onboarding is streamlined by automatically setting the default business impact to “medium” during quick application creation.
- Issue management: Seamlessly adjust severity or status directly within the issue details, enabling rapid and intuitive issue management.
- Improved reporting: A new "critical issues" column was added to CSV-formatted security reports. Teams are encouraged to update any automation scripts that consume these reports accordingly.
Advanced DAST (including API) Testing
In addition to the improvements listed above, HCL AppScan 360º has added features to its Dynamic Application Security Testing (DAST) capabilities. These include native API scan workflows, allowing earlier and more effective detection of API vulnerabilities using Postman collections, OpenAPI/Swagger, or manually captured traffic.
Enhanced support for OpenAPI specifications significantly improves configuration ease and coverage, ensuring thorough API testing. Additionally, the platform now employs client- and server-side checks to identify vulnerabilities in commonly used third-party components, accelerating your remediation processes.
DAST users can now access predefined testing policies that enable focused scans by running only the most pertinent tests, significantly reducing scan durations.
Scans can be optimized further by excluding specific application paths or setting exceptions. Enhanced options for uploading scan files can also streamline retesting or the continuation of prior scans.
Traffic recording and scan processes have also been enhanced, including importing EXD files from HCL AppScan Standard or the AppScan Dynamic Analysis Client (ADAC).
Licensing
Starting with HCL AppScan 360º v1.6.0, all downloads and license management are exclusively available via the proprietary My HCLSoftware (MHS) portal. The legacy portal is no longer supported, and all entitlements have been seamlessly migrated to MHS.
Ensure you configure and download your licenses through MHS before upgrading.
Note: This update pertains solely to licensing management; there are no changes to your current license metrics or costs.
Visit us online or request a personalized demo today to learn more about the full capabilities and enhancements of HCL AppScan 360º version 1.6.0.