Review reference information for the product.
Reports are automatically generated after a job has run. They help you manage the issues that are important to your organization, in a way that is supported both by the Enterprise Console's workflow and by the workflows of other processes within your organization.
A tremendous amount of powerful data is delivered through the reports. But not every organization wants to review their data in exactly the same way as everybody else. Flexible viewing mechanisms help you organize how you review your issues in whatever way makes the most sense to you.
Learn more about Security Reports.
Welcome to the HCL AppScan Enterprise 10.4.0 documentation, where you can find information about how to install, maintain, and use HCL AppScan Enterprise.
Accessibility features assist users who have a disability, such as restricted mobility or limited vision, to use information technology content successfully.
Learn general information about the product.
Learn how to install the product.
Learn how to upgrade the product.
Learn how to integrate the product with other solutions.
Learn how to extend the product with REST APIs and plugins.
Learn best practices for using the product.
Learn how to configure the product.
Learn how to administer the product.
Follow this workflow to manage application security risks in your organization.
To help you understand, isolate, and resolve problems with your HCL® software, the troubleshooting and support information contains instructions for using the problem-determination resources that are provided with your HCL products.
Learn about configuring wizard topics.
Learn about folder explorer topics.
A report pack is a bundle of reports that summarizes the issues discovered within its reports and provides a window into those reports. The reports themselves contain the details of the issues found on your website or application.
Grouping report results by different data sets (such as page, context, or IP address) helps make the report data more relevant to your analysis needs.
You can search for specific issues or information within each report's results. For example, you might want to find all the issues within a certain directory of the Page URL. Or you might want to track a particular issue throughout your remediation process; enter the Issue ID in the Search tab to locate it within the relevant report.
When your report contains a list of identical URLs, it is likely because your site uses static URLs. In these cases, the page content can be determined through the use of either POST data or cookie information.
All issues are classified as open by default. You can see an issue classification by grouping by Issue Status.
Exporting report data is useful if you have team members who do not directly access the Enterprise Console; you can export the report data to an XML file, Excel spreadsheet, PDF, or CSV file for them to use.
Import data from AppScan® Source to correlate its findings with an existing dynamic analysis security scan (AppScan Enterprise Server content scan job or an AppScan Standard import job).
This report displays the security issues imported from AppScan® Developer Edition.
This report displays an inventory of form controls found during a content scan to help you determine where privacy choices are being offered (opt-in or opt-out). A form control is a component of a form such as a data collection field.
This report provides information about the content and security of each cookie that is found on a website: a list of pages where the cookie is set, the particular PageComponent that sets the cookie, whether it is a third-party cookie, the domain the data is returned to, the level of security on the cookie, and if the cookie contains a compact policy. The information in this report helps you evaluate if cookie use is in accordance with your privacy policy.
This report displays the correlated issues between the static analysis issue data imported from AppScan® Source and the dynamic analysis issues discovered by AppScan Enterprise, AppScan Standard, or AppScan Developer.
This report displays the correlated issues between the code analysis issue data imported from AppScan® Developer and the dynamic analysis issues discovered by AppScan Enterprise, AppScan Standard, or AppScan Developer.
This report provides an inventory of the pages that contain forms and the type of submission method the form uses.
This report lists all the pages on your site that are collecting Personally Identifiable Information (PII).
This report provides information about the pages on your website that contain forms using the GET submission method to collect visitor information. For those pages that contain information that needs to be protected, change the submission method to use the POST method.
This report displays the pages that collect PII with forms but do not have a privacy statement link. Use this list to determine if a website visitor might think the data collected by the form is personal. For those pages that do collect personal information, provide a link to a privacy statement on the page that is requesting the information.
This report displays the pages that contain forms and collect PII without security.
This report provides solutions designed to address correlated security issues (dynamic and static analysis) that were detected on your site. Remediation tasks are consolidated by the type of remediation that can be performed to address issues.
This report lists all the application and infrastructure security issues found on your website, correlated from static and dynamic analysis.
This report presents the same correlated security issues (dynamic and static analysis) as found in the Remediation Tasks report, but ordered and presented as risks or "worst case scenarios". This report takes advantage of an evaluation of issue severity, by an escalating scale, to determine how compromised the web property is.
This report displays the static analysis data for quality issues imported from AppScan® Source.
This report displays the static analysis data imported from AppScan® Source.
Learn more about Inventory Reports.
Use the dashboard to track and consolidate the severity metrics and trends of your web applications or website over time. You can combine data from different business areas (such as sales, marketing, or products), specific issue types, or developers so you can see a complete picture of your web properties or applications. Security analysts or web managers can use this high-level view to quickly study interactive reports about the issues.
A GitHub collection of integrations, helper scripts, utilities, useful examples, libraries, and other resources related to HCL AppScan.