Follow this workflow to manage application security risks in your organization.
Learn how to test vulnerabilities identified in an application.
These scenarios are targeted at developers and the security team. Choose the user role that most closely matches your situation.
Using a scan configuration authored in AppScan Standard, the security team creates templates.
Learn how to create a scan.
Welcome to the HCL AppScan Enterprise 10.4.0 documentation, where you can find information about how to install, maintain, and use HCL AppScan Enterprise.
Accessibility features assist users who have a disability, such as restricted mobility or limited vision, to use information technology content successfully.
Learn general information about the product.
Learn how to install the product.
Learn how to upgrade the product.
Learn how to integrate the product with other solutions.
Learn how to extend the product with REST APIs and plugins.
Learn best practices for using the product.
Learn how to configure the product.
Learn how to administer the product.
Learn how to create an application inventory.
Learn how to import issues from internal and 3rd-party scanners.
The developer team creates scan templates using different methods and user interfaces in AppScan.
This topic helps the security team learn how to create scan templates.
Upload a scan template from AppScan® Standard to use the same explore and test phase configuration in AppScan Enterprise. This saves time and effort in re-creating scan configurations between AppScan Standard and AppScan Enterprise.
As part of the security team, you can create advanced scans by using the AppScan Dynamic Analysis Client.
As a security analyst, you might have to help a developer to edit a basic scan they created. In the AppScan Dynamic Analysis Client, you can see scan configuration options that a developer cannot see.
Page Structure (DOM) Filtering can greatly reduce scan time by identifying pages that are similar enough to pages already scanned that they can safely be ignored. AppScan compares new pages with those pages already scanned for structural (DOM) similarity, which indicates that the new page contains no new links or content that requires more testing. For example, on a commercial site there might be a catalog with individual pages for a thousand different items that are identical in all other ways. There is usually no need to scan all of those pages. Filtering based on DOM similarity can greatly reduce scan time.
If you have an existing content scan that is based on a scan template (*.scant) from AppScan® Standard, you can convert the scan configuration so that you can edit it directly in the AppScan Dynamic Analysis Client. However, after you convert the scan configuration, you cannot open it again in AppScan Standard.
Learn how to run and schedule a job in AppScan Enterprise.
Export scan properties and create a new scan based on those properties. This is the method you use to copy a scan between two Enterprise Console instances.
There are three methods you can use to stop a job while it is running. Each method is used for a different reason, which largely depends on whether you want to keep the data or you want to continue running the job from the point where it left off. You can resume a suspended job to continue the scan from where it stopped. A resumed job is handled by the next free agent on any available agent server.
Learn how to determine risks and prioritize vulnerabilities identified in an application.
Learn how to remediate risks identified in an application.
Learn how to measure progress and demonstrate compliance.
To help you understand, isolate, and resolve problems with your HCL® software, the troubleshooting and support information contains instructions for using the problem-determination resources that are provided with your HCL products.
Review reference information for the product.