HCL AppScan recently released HCL AppScan Source 10.0.8. In this blog, I highlight some of the new features and fixes in AppScan V10.0.8, by product line.

What’s New in HCL AppScan® Source 10.0.8

The AppScan® Source command line interface (CLI) is now available as a container image, which makes application security scanning more efficient and more robust. Once the image is installed and configured, a scanning environment can be created on demand and quickly, and multiple scans can run concurrently.

AppScan® Source provides a License Manager utility that is used for loading and updating license information on your client machine.

V10.0.8 enhancements for AppScan Source include the following:

APAR fixes in AppScan® Source version 10.0.8

  • Security Profile Report uses metrics only from the first project in a multi-project assessment (CQPAR00237855)
  • AppScan® Source for Analysis creates .dmp files in the temp folder during DFA scans (KB0096327)
  • AppScan® delta.sh does not recognize filesystem paths that contain spaces on Linux (KB0097634)
  • .NET assembly projects fail when Visual Studio is not installed on the machine (KB0097692)

Dropped Features

  • OWASP Top 10 2013 report

What’s New in HCL AppScan® Standard 10.0.8

Automatic API scanning using an imported Postman Collection file. HCL AppScan runs its own Explore stage using the collection and displays the resulting data in the Dashboard and Data views. You choose whether AppScan continues automatically to the Test stage to complete the scan, or whether you start the Test stage later.

V10.0.8 enhancements for AppScan Standard include the following:

  • New: OWASP API Security Top 10 2019 Industry Standard Report.
  • Improved automatic update functionality.
  • Security updates:
    • attSpringRemoteCommandExecution – Remote Command Execution on Spring Framework (CVE-2022-22965)
    • probeSpring – Probe Spring RCE (CVE-2022-22965)

APAR fixes in AppScan® Standard version 10.0.8

The APARs resolved and security updates included in this fix pack are listed here.

What’s New in HCL AppScan® Enterprise 10.0.8

V10.0.8 enhancements for AppScan Enterprise include the following:

  • Automatic API scanning using a Postman Collection. See How to scan using a Postman Collection.
  • New OWASP API Security Top 10 2019 Industry Standard Report.
  • Granular access control to restrict modification of Severity value and CVSS attributes.
  • The db_owner role is no longer mandatory to configure and run AppScan® Enterprise; the ddladmin, datawriter, and datareader database roles are the minimum required.
  • Activity Log on the Administration console is available as Technology Preview Code.
  • Support for Microsoft Edge browser.
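The least-privilege database setup described in the list above, shown as an added T-SQL example (not HCL's own installer script): a dedicated service account gets the three fixed SQL Server roles the release notes name instead of db_owner, and a final query confirms that nothing broader was granted. The database name [ASE_DB], the login ase_svc and the password are placeholders, not values from the release notes.

```sql
-- Added example, not from the HCL release notes: least-privilege SQL Server
-- setup for the AppScan Enterprise database, replacing db_owner with the three
-- roles the release notes name. Database name, login and password are placeholders.
USE [ASE_DB];  -- assumption: name of the AppScan Enterprise database
GO

-- Dedicated login and database user for the service (placeholder names)
IF NOT EXISTS (SELECT 1 FROM sys.server_principals WHERE name = N'ase_svc')
    CREATE LOGIN [ase_svc] WITH PASSWORD = N'<replace-with-strong-password>';
GO
IF NOT EXISTS (SELECT 1 FROM sys.database_principals WHERE name = N'ase_svc')
    CREATE USER [ase_svc] FOR LOGIN [ase_svc];
GO

-- Weak setting (what older releases required): full control of the database
-- ALTER ROLE db_owner ADD MEMBER [ase_svc];

-- Corrected setting: the minimum the 10.0.8 release notes call for
ALTER ROLE db_ddladmin   ADD MEMBER [ase_svc];
ALTER ROLE db_datawriter ADD MEMBER [ase_svc];
ALTER ROLE db_datareader ADD MEMBER [ase_svc];

-- Make sure the account is not also left in db_owner from an earlier install
IF IS_ROLEMEMBER('db_owner', 'ase_svc') = 1
    ALTER ROLE db_owner DROP MEMBER [ase_svc];
GO

-- Verification: list the fixed database roles the service user holds.
-- Expected rows: db_datareader, db_datawriter, db_ddladmin and nothing else.
SELECT r.name AS role_name
FROM sys.database_role_members AS rm
JOIN sys.database_principals AS r ON r.principal_id = rm.role_principal_id
JOIN sys.database_principals AS m ON m.principal_id = rm.member_principal_id
WHERE m.name = N'ase_svc'
ORDER BY r.name;
```

Run the script as a member of the server's sysadmin role (or the database's db_owner) before pointing the AppScan Enterprise configuration wizard at the ase_svc account. If the verification query returns db_owner, the drop step did not run in the right database and the account still has more privilege than the product needs.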

Fixes and security updates in AppScan® Enterprise version 10.0.8

New security rules in this release include:

  • attSpringRemoteCommandExecution – Remote Command Execution on Spring Framework (CVE-2022-22965)
  • probeSpring – Probe Spring RCE (CVE-2022-22965)

Other fixes:

  • Option provided in configuration wizard to opt out of Simple Recovery Mode for SQL Server Database.
  • In some cases, AppScan® Enterprise uses a lower version of TLS. Fix applied to use TLS 1.2 (when enabled on the system) for all internal communication.

The complete list of fixes, updates, and RFEs in this release is listed here.

Removed in this release

  • Internet Explorer (IE) browser support for v8.0 and v9.0.

Upcoming changes

The following will be removed in a future release:

  • The Web Services, The Vital Few, and Developer Essentials test policies will be removed, as similar results can now be achieved using other policies. For information, see Predefined Test Policies.
  • Internet Explorer (IE) browser support for v10.0 and v11.0 will be removed.
  • CVSS 2.0 scoring will be dropped and replaced with CVSS 3.1.
  • Ability to edit CVSS ratings on an issue.
  • Import of issues from Mobile Analyzer report.

To learn more, please visit our Customer Support Page. Want to start today but don’t know where to begin? Click here and fill out our form for a free trial and someone from our HCL AppScan team will connect with you!

We would also like to invite you to our next Webinar. On August 2nd you’ll be able to see the Automatic Issue Correlation that is now part of HCL AppScan. Learn how you can build on the strengths of each approach while reducing its weaknesses, how auto correlation enhances each AST approach, and how to improve your prioritization process. Register Today!
