HCL AppScan Standard Full Activated
HCL AppScan Standard is a dynamic analysis testing tool designed for security experts and pen-testers to use while performing security assessments on web applications and web services. It runs automated scans that explore and test web applications, and it includes one of the most powerful scanning engines in the world.
Testing your web applications before deployment and continually assessing their risks in your production environment can help prevent costly web application security breaches.
This section describes new product features and enhancements in this release, as well as deprecations and anticipated changes, where relevant.
New in HCL AppScan Standard version 10.0.5
- How to fix:
  - New and improved Advisory and Fix Recommendation content for many issues, consolidated into the new How to Fix tab
  - New and detailed code-specific "How to Fix" content for many code languages
- Non-standard headers: Can now be excluded from testing, like parameters and cookies (Configuration dialog box > Parameters and Cookies tab)
- Compliance report upgrade: DISA STIG V5R1
- Security testing:
  - Improved XSS analysis through browser-based validation for some rules
  - New application tests:
    - Referrer policy: Detect misconfigured or insecure referrer policy
    - Host header injection: Test if the host header is being parsed dynamically in the application
    - CORS arbitrary origin: Test if the CORS policy originated from an arbitrary Origin header value
  - New infrastructure tests:
    - CVE-2020-5398: Detect Reflected File Download on Spring Framework
    - CVE-2020-7246: Remote Command Execution on qdPM
    - CVE-2020-9006: Popup Builder WordPress Plugin SQL Injection
    - CVE-2020-11022/11023: Detect XSS in jQuery before version 3.5.0
    - CVE-2020-17530: Apache Struts 2 Forced Multi OGNL Evaluation
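The three new application tests above each boil down to a property of your application's own response that can be verified from a captured request/response pair. As an added illustration (not AppScan's code and not part of the original release notes), the following Python runs equivalent defender-side checks: a missing or weak `Referrer-Policy`, a probe `Host` value echoed back in a redirect or page body, and a CORS policy that reflects whatever `Origin` the client sent outside an allow-list. The `Exchange` type, the sample exchanges, the probe hostnames and the allow-list are all constructed for the example.

```python
"""Defender-side checks mirroring the three new application tests listed
above (referrer policy, Host header reflection, CORS arbitrary origin).

Added illustration, not AppScan code. It assumes you already hold a
request/response pair captured from your own application; the samples at
the bottom are constructed for the example."""

from dataclasses import dataclass
from typing import Dict, List, Optional

# Referrer-Policy values that never leak the full URL to a cross-origin site.
SAFE_REFERRER_POLICIES = {
    "no-referrer",
    "same-origin",
    "strict-origin",
    "strict-origin-when-cross-origin",
}


@dataclass
class Exchange:
    """One HTTP request/response pair, reduced to the fields the checks need."""
    request_host: str               # Host request header as sent
    request_origin: Optional[str]   # Origin request header, if any
    headers: Dict[str, str]         # response headers
    body: str = ""                  # response body (text)


def _header(headers: Dict[str, str], name: str) -> Optional[str]:
    """Case-insensitive header lookup."""
    for key, value in headers.items():
        if key.lower() == name.lower():
            return value
    return None


def check_referrer_policy(ex: Exchange) -> Optional[str]:
    """Missing or weak Referrer-Policy: the browser may send full URLs cross-origin."""
    policy = _header(ex.headers, "Referrer-Policy")
    if policy is None:
        return "Referrer-Policy header missing (browser default applies)"
    # The header may list fallbacks separated by commas; the last token wins.
    tokens = [t.strip().lower() for t in policy.split(",") if t.strip()]
    effective = tokens[-1] if tokens else ""
    if effective not in SAFE_REFERRER_POLICIES:
        return f"weak Referrer-Policy: {policy}"
    return None


def check_host_reflection(ex: Exchange) -> Optional[str]:
    """Host parsed dynamically: a probe Host value shows up in redirects or links."""
    host = ex.request_host.lower()
    location = _header(ex.headers, "Location") or ""
    if host in location.lower():
        return f"Host header reflected in Location: {location}"
    if host in ex.body.lower():
        return "Host header reflected in response body"
    return None


def check_cors_origin(ex: Exchange, allowed_origins: set) -> Optional[str]:
    """CORS policy echoes whatever Origin the client sent, outside the allow-list."""
    acao = _header(ex.headers, "Access-Control-Allow-Origin")
    if acao is None or ex.request_origin is None:
        return None
    creds = (_header(ex.headers, "Access-Control-Allow-Credentials") or "").lower() == "true"
    if acao == ex.request_origin and ex.request_origin not in allowed_origins:
        return "CORS reflects arbitrary Origin" + (" with credentials" if creds else "")
    return None


def audit(ex: Exchange, allowed_origins: set) -> List[str]:
    """Run all three checks; returns the list of findings (empty means clean)."""
    results = [
        check_referrer_policy(ex),
        check_host_reflection(ex),
        check_cors_origin(ex, allowed_origins),
    ]
    return [r for r in results if r]


# Constructed samples. The probe Host and Origin values stand in for what a
# scanner would send to your own application; they are not real hosts.
ALLOWED_ORIGINS = {"https://app.example"}

WEAK = Exchange(
    request_host="probe.example",
    request_origin="https://probe.example",
    headers={
        "Referrer-Policy": "unsafe-url",
        "Location": "http://probe.example/login",
        "Access-Control-Allow-Origin": "https://probe.example",
        "Access-Control-Allow-Credentials": "true",
    },
)

HARDENED = Exchange(
    request_host="probe.example",
    request_origin="https://probe.example",
    headers={
        "Referrer-Policy": "strict-origin-when-cross-origin",
        "Location": "https://app.example/login",
        "Access-Control-Allow-Origin": "https://app.example",
    },
)

if __name__ == "__main__":
    for name, ex in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit(ex, ALLOWED_ORIGINS))
```

Running the module prints three findings for the weak exchange and none for the hardened one. The fix on the application side is the same in each case: emit a fixed `Referrer-Policy`, build absolute URLs from a configured canonical hostname rather than the incoming `Host`, and compare the request `Origin` against an explicit allow-list before echoing it in `Access-Control-Allow-Origin`.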
Fixes and security updates
- Fixes and security updates are listed here.
Removed in this release
- Malware detection
- X-Force categorization in Advisories and Issue Details
- .NET, J2EE, and PHP-specific information is no longer included in reports, but new code-specific information for many languages, including these three, is available in the UI.
- Ability to edit Advisories and Fix Recommendations
- The XML report format will change in the next release
- The following will be removed in a future release:
  - Scan Expert
  - These test policies: Web Services, The Vital Few, Developer Essentials; similar results can now be achieved using other policies (see FAQ)
  - Tasks view