What's new in HCL AppScan® Enterprise

Important Notice

For HCL AppScan Enterprise version 10.0.3 and newer, an HCL license is required. HCL AppScan Enterprise versions 10.0.3 and newer do not support IBM licenses. See the product documentation for instructions on installing an HCL license. For more information, contact your HCL representative or HCL Support.

New in HCL AppScan® Enterprise 10.0.3

This section describes new product features and enhancements in this release, as well as deprecations and anticipated changes, where relevant.

SAML Single Sign-On solution for AppScan Enterprise

AppScan Enterprise now supports SAML Single Sign-On (SAML-SSO) for user authentication at application login. In the SAML-SSO model, users access the AppScan Enterprise application through an Identity Provider (IdP) such as Okta or PingFederate. See SAML Single Sign-On in AppScan Enterprise.

AppScan Source Database Service configuration

AppScan Enterprise now includes a wizard for configuring the database service used by AppScan Source. See Configuring AppScan Source Database Service from AppScan Enterprise.

IAST installation and configuration

AppScan Enterprise can now set up the IAST service automatically at the end of the configuration wizard.

Web Services scanning using ADAC

You can now record traffic from an external client, whether it runs on your local machine or on a remote device. When you open Postman or SoapUI from the AppScan Enterprise UI, they are automatically configured to use AppScan as the recording proxy for exploring.

You can now open them from:
  • Login Management
  • Manual Explore
  • Multi-Step Operations

Security testing improvements

  • Detect and test non-standard HTTP headers.
  • Automatically detect application-specific HTTP headers and test them as application parameters.
  • New tests
    • Detect cipher suites that do not support Forward Secrecy.
    • Detect when AEAD is not supported by the host.
    • Detect and validate the SameSite cookie attribute.
    • CVE-2019-18935 - Telerik UI for ASP.NET RCE
    • CVE-2017-11317 - Telerik UI for ASP.NET File Upload
    • CVE-2019-0604 - Microsoft SharePoint RCE
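As an added illustration of what the three TLS and cookie checks above look for (this is example code written for these notes, not AppScan Enterprise's own test logic), the following Python script classifies constructed cipher suite names and Set-Cookie header values. The cipher suite naming heuristics, the sample data, and the rule that SameSite=None must be paired with Secure are assumptions made for the example.

```python
"""Added example: forward secrecy, AEAD and SameSite checks over constructed data.
Not AppScan code. Suite-name heuristics and SameSite rules are assumptions."""
import re

# Constructed sample input: cipher suites in OpenSSL and IANA spellings.
SAMPLE_SUITES = [
    "TLS_AES_256_GCM_SHA384",         # TLS 1.3: key exchange always ephemeral, AEAD
    "ECDHE-RSA-AES128-GCM-SHA256",    # forward secrecy + AEAD
    "ECDHE-RSA-AES256-SHA384",        # forward secrecy, CBC (not AEAD)
    "AES128-GCM-SHA256",              # static RSA key exchange, AEAD
    "TLS_RSA_WITH_3DES_EDE_CBC_SHA",  # neither
]

# Constructed sample input: Set-Cookie header values as a scanner would see them.
SAMPLE_COOKIES = [
    "sid=abc123; Path=/; Secure; HttpOnly; SameSite=Strict",
    "pref=dark; Path=/; SameSite=Lax",
    "track=xyz; Path=/; SameSite=None",    # None without Secure
    "legacy=1; Path=/",                    # attribute absent
    "odd=2; Path=/; SameSite=Sometimes",   # not a valid value
]

# Markers for ephemeral (EC)DH key exchange in OpenSSL/IANA suite names (assumption).
_EPHEMERAL = re.compile(r"ECDHE|DHE|EDH")


def supports_forward_secrecy(suite: str) -> bool:
    """True when the suite's key exchange is ephemeral (EC)DH.
    TLS 1.3 suite names omit the key exchange because it is always ephemeral."""
    s = suite.upper()
    if s.startswith(("TLS_AES_", "TLS_CHACHA20_")):
        return True
    return _EPHEMERAL.search(s) is not None


def is_aead(suite: str) -> bool:
    """AEAD suites use GCM, CCM or ChaCha20-Poly1305; CBC and RC4 suites do not."""
    s = suite.upper()
    return any(tok in s for tok in ("GCM", "CCM", "CHACHA20"))


def audit_suites(suites):
    """Return the suites a scanner would flag under each of the two TLS checks."""
    return {
        "no_forward_secrecy": [s for s in suites if not supports_forward_secrecy(s)],
        "no_aead": [s for s in suites if not is_aead(s)],
    }


def samesite_finding(set_cookie: str):
    """Return (cookie_name, finding) for one Set-Cookie value.
    finding is None when SameSite is present, valid and consistent with Secure."""
    parts = [p.strip() for p in set_cookie.split(";")]
    name = parts[0].partition("=")[0]
    attrs = {}
    for p in parts[1:]:
        k, _, v = p.partition("=")   # flag attributes like "Secure" get an empty value
        attrs[k.strip().lower()] = v.strip()
    if "samesite" not in attrs:
        return name, "samesite-missing"
    value = attrs["samesite"].lower()
    if value not in ("strict", "lax", "none"):
        return name, "samesite-invalid"
    # Assumption (draft RFC 6265bis behaviour): browsers only honour
    # SameSite=None when the cookie is also marked Secure.
    if value == "none" and "secure" not in attrs:
        return name, "samesite-none-without-secure"
    return name, None


def audit_cookies(headers):
    """Return only the cookies that produce a finding."""
    return [f for f in map(samesite_finding, headers) if f[1] is not None]


if __name__ == "__main__":
    print(audit_suites(SAMPLE_SUITES))
    print(audit_cookies(SAMPLE_COOKIES))
```

Run against the constructed samples, the TLS audit flags the static-RSA and 3DES suites for lacking forward secrecy and the CBC suites for lacking AEAD, while the cookie audit reports the missing, invalid and None-without-Secure cases and passes the Strict and Lax cookies.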

Multi step operations

Improved performance.

Removed in this release

Manual Explorer

Will be removed in a future release

The following will be removed in a future release:

  • Generic Service Client (GSC)
  • X-Force categorization in Advisories and Issue Details.
  • AppScan Enterprise server on 32-bit Windows operating systems.
  • AppScan Enterprise Agent support on 32-bit OS.
  • AppScan Enterprise plug-in for Internet Explorer browser.
  • Malware detection capability