Appscan Banner image

Integrate security seamlessly into the Software Development Life Cycle (SDLC) through Interactive Application Security Testing (IAST). This technology actively monitors live applications and APIs, swiftly detecting and addressing vulnerabilities. IAST possesses insights into application source code, enhancing the accuracy and depth of issue identification.

IAST operates autonomously within functional testing or QA efforts. Alternatively, it collaborates with DevOps and security teams, intelligently correlating scan results with findings from DAST and SAST scans. This aids in efficiently grouping issues for rapid remediation.

API Discovery

API Discovery

API Discovery


HCL AppScan IAST can automatically detect and catalog all internal APIs being used in an application. Additional information can be gathered from SCA scans of the open-source packages used to develop APIs. These findings are critical for understanding your security risk level and reporting that to the necessary stakeholders.

Auto-Issue Correlation

Auto-Issue Correlation

Auto-Issue Correlation


HCL AppScan Auto Issue Correlation extracts data from each IAST, DAST and SAST issue and then uses a variety of heuristics to identify correlations. This effectively reduces the overall number of vulnerabilities and remediation tasks by grouping issues together where they can be addressed quickly and completely.

  • DAST findings can be enriched with the details found in corresponding IAST and SAST scans, both of which have a view of the source code.
  • SAST findings can be prioritized for remediation by using the accuracy of corresponding IAST and DAST results.
  • SAST fixes can be validated with subsequent IAST and DAST scans that provide status updates on all correlated findings.

Patented Java Solution

Patented Java Solution

Patented Java Solution


Our patented Java deployment solution needs less configuration and takes less time to set up since IAST can be deployed as a java agent AND also as a web application. You can start up scanning faster, deploy IAST after the web server has already started, and remove the IAST agent without restarting the server. Our agent also detects if there's an updated version of itself, downloads it and upgrades itself automatically (ASoC only).

Patented .NET Solution

Patented .NET Solution

Patented .NET Solution


Our patented IAST deployment solution for .NET is the fastest on the market and runs in managed code versus native code. You don't have to disable basic .NET optimizations and since our IAST agent runs as part of the .NET code itself you will have access to more capabilities and be able to discover more issue types.

Eliminate False Positives

Eliminate False Positives

Eliminate False Positives


HCL Appscan IAST has also received patents for advanced algorithms that track information flowing through your application. Detected vulnerabilities automatically trigger additional checks to greatly reduce any false positives in the final report.

These checks include complex algorithms that replicate your code flow in real time and try to attack it in various ways. If you write your own working sanitization code, HCL AppScan IAST will detect it and not report on issues that go through it.

Featured Resources