System requirements and version support

Explore the detailed system requirements and supported operating systems and languages for the AppScan on Cloud analyzers. Additionally, discover the compatible browsers and minimum screen resolution necessary for optimal service performance.

ASoC service host requirement

All ASoC customers with a subscription for any technology (DAST, SAST, IAST, and/or SCA) need access to the domain:
  • cloud.appscan.com

ASoC DAST technology requirements

IP address guidelines for DAST scanning

For DAST scanning, ASoC uses specific source IP addresses. To prevent scan interruptions, follow these guidelines.

Allow connections for the data center you use:

  • North America data center (US): 172.175.168.216
  • Western Europe data center (EU): 131.189.248.122

Public and private site scanning:

These IPs apply to both public site scanning (internet-accessible sites) and private site scanning (sites not publicly accessible).

For public site scanning:

Allow incoming connections from the IP addresses listed above.

For private site scanning:

  • Ensure your network allows outgoing connections on port 443 to the IP addresses listed above.
  • Tunnel connections use TLS with certificate pinning, so the client accepts only a specific certificate. Any attempt to inspect or intercept traffic (for example, via an organizational proxy performing a man-in-the-middle (MITM) inspection) will cause the connection to fail.
  • Allow direct TLS connections without interception.

For more information about data centers, see Data center selection.

For more information on private site scanning, see Private sites.

The ASoC blob storage host relevant to the ASoC region must be allowed:
  • North America data center (US): asoceapusstorage.blob.core.windows.net
  • Western Europe data center (EU): asoceapdestorage.blob.core.windows.net

    This storage is used to display the live DAST scan log during a DAST scan execution.

Azure manages the IP addresses for these domains and might change them over time. Therefore, you must add the domains themselves to your allowlist. If direct domain addition is not possible, you can manually add the IP addresses. To do this, download the file from Azure IP Ranges and Service Tags – Public Cloud and include only the IP ranges listed under the AzureFrontDoor.Frontend section.

For DAST Command Execution and Remote File Inclusion testing, allow the host:
  • securityip.appsechcl.com

This host is used to perform ADNS testing by sending DNS lookup queries to find security issues such as Log4j.
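For the manual IP fallback for the blob storage domains described above, the following added example (not part of the ASoC documentation or tooling) extracts only the AzureFrontDoor.Frontend ranges from the Azure service tags download and fails closed if that section is missing. It assumes the file's layout is a `values` array whose entries carry `name` and `properties.addressPrefixes`; the function name and the sample data are constructed for illustration.

```python
import ipaddress
import json

SERVICE_TAG = "AzureFrontDoor.Frontend"  # section named on this page

# Constructed sample in the layout of Azure's ServiceTags_Public_*.json download.
# Prefixes are documentation ranges (RFC 5737 / RFC 3849), not real Azure ranges.
SAMPLE_SERVICE_TAGS = json.dumps({
    "changeNumber": 1,
    "cloud": "Public",
    "values": [
        {"name": "AzureFrontDoor.Frontend", "id": "AzureFrontDoor.Frontend",
         "properties": {"systemService": "AzureFrontDoor",
                        "addressPrefixes": ["198.51.100.0/25", "198.51.100.128/25",
                                            "203.0.113.0/24", "2001:db8:10::/48"]}},
        {"name": "AzureFrontDoor.Backend", "id": "AzureFrontDoor.Backend",
         "properties": {"systemService": "AzureFrontDoor",
                        "addressPrefixes": ["192.0.2.0/24"]}},
    ],
})


def frontdoor_frontend_ranges(service_tags_json, tag=SERVICE_TAG):
    """Return (ipv4, ipv6) lists of collapsed CIDR strings for exactly one tag."""
    doc = json.loads(service_tags_json)
    matches = [v for v in doc.get("values", []) if v.get("name") == tag]
    if len(matches) != 1:
        # Fail closed: never build an allowlist from a missing or ambiguous section.
        raise ValueError(f"expected exactly one {tag!r} entry, found {len(matches)}")
    prefixes = matches[0].get("properties", {}).get("addressPrefixes", [])
    # strict=True rejects prefixes with host bits set, a sign of a damaged file.
    nets = [ipaddress.ip_network(p, strict=True) for p in prefixes]
    if not nets:
        raise ValueError(f"{tag!r} has no address prefixes")
    # Merge adjacent ranges so the firewall rule set stays as small as possible.
    v4 = ipaddress.collapse_addresses(n for n in nets if n.version == 4)
    v6 = ipaddress.collapse_addresses(n for n in nets if n.version == 6)
    return [str(n) for n in v4], [str(n) for n in v6]


if __name__ == "__main__":
    ipv4, ipv6 = frontdoor_frontend_ranges(SAMPLE_SERVICE_TAGS)
    for cidr in ipv4 + ipv6:
        print(cidr)
```

Because Azure might change these ranges over time, re-run the extraction against a fresh download on a schedule and compare the output with the rules currently deployed.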

ASoC analyzers

Requirements and limitations:

Supported Browsers

ASoC is compatible with the latest versions of the following browsers:
  • Chrome
  • Edge
  • Firefox
  • Safari (Mac only)

Screen resolution

The recommended screen resolution for ASoC is 1920 x 1080.

Request rate limit

You can make up to 500 requests per minute (sliding window). The limit is counted separately per authenticated user and per unique IP address for unauthenticated requests. If you exceed this limit, AppScan will return a 429 status code with the response message "Too many requests."

Login requirements

  • If login to your site or app requires credentials beyond a username and password, you can provide these when setting up the scan. However, note that intervention by our Support team will be necessary to run the scan, which may increase scan time.
  • CAPTCHA is not supported. You must disable any CAPTCHA mechanism to enable scanning.

AppScan Presence