Learn how to administer the product.
Learn how to prepare for security testing in AppScan Enterprise.
Welcome to the HCL AppScan Enterprise 10.7.0 documentation, where you can find information about how to install, maintain, and use HCL AppScan Enterprise.
Accessibility features assist users who have a disability, such as restricted mobility or limited vision, to use information technology content successfully.
Learn general information about the product.
Learn how to install the product.
Learn how to upgrade the product.
Learn how to integrate the product with other solutions.
Learn how to extend the product with REST APIs and plugins.
Learn best practices for using the product.
Learn how to configure the product.
Learn how to manage user groups and access permission.
Administrators can configure the settings for log files for the Enterprise Console and AppScan Server and download them when they need to troubleshoot issues. This function eliminates the need to search the file system of the computer where the Enterprise Console or AppScan Server is installed.
The AdminUtil tool helps users to avoid rerun the configuration wizard on the AppScan Enterprise Server and the DAST Scanner(s) to reset the password. You can run the utility in two modes - Interactive mode and Silent mode. For more information about resetting service account password through interactive mode, see Resetting Service Account Password in AppScan Enterprise through the ASE AdminUtil tool in silent mode
The AppScan Enterprise (ASE) AdminUtil tool helps users to avoid rerun the configuration wizard on the AppScan Enterprise Server, IAST Communication service, DAST scanner(s), Database service, and Alert services to reset the password of service account. You can achieve this by running the utility in two modes - Interactive mode and Silent mode. For more information about resetting service account password through interactive mode, see Resetting Service Account Password in AppScan Enterprise through the ASE AdminUtil tool
Create an Activity Log report to determine who is using AppScan Enterprise and what they are doing with it. The report lists the users that made changes and when the changes were made. Because the log is always recording activity, all you must do is create the report. Only Administrators can create the Activity Log report; however, any user can be given access to it as part of a report pack's properties. If you do not want other users to see the Activity Log report, change `All Other Users' to No Access on the Users and Groups page for the report pack.
Activity Log helps determine who is using AppScan Enterprise and what they are doing with it. It lists the users that made changes and when the changes were made. This is useful for security auditing to detect possible unauthorized or unusual activities performed by users. Only Administrators can view the Activity log. By default, the activity log data is retained for one year.
Product Administrators are responsible for managing each server to its optimal performance.
See the status of scan jobs currently running or waiting to run so that you can prioritize the order in which your key scan jobs run. For example, you might have scan jobs that are part of a time-sensitive deliverable, like a holiday shopping special. You can move them to the top of the queue to make sure that they are prioritized first in the schedule.
The security rules are updated as a part of your AppScan® Enterprise releases. You can verify the version and release date of the security rules by looking in the About link in the AppScan Enterprise main menu.
AppScan® Standard provides a database of thousands of tests. However, if your web application has issues that are specific to it, or if you want to write your own advisories for fixing issues, you can create your own tests. These tests are saved and included in your AppScan database of tests. You can also export them as a *.udt file to import into AppScan Enterprise.
SQL Server database maintenance includes upgrading SQL servers, SQL database backup, log file configuration, and database usage.
A server group is a group of items that can be tested as a unit; the same security tests will be applied to all the servers in the group. A server group can be any combination of domains and IP addresses.
If you want to enable or disable your address ranges (which will affect the entire installation), you can do so. You might disable a range of addresses if you had servers that were in the process of being backed up. In this case, you can prevent anyone from running security tests on the servers by disabling the IP address range of the servers. Another method of restricting IP address testing is at the user level through the application of server groups.
Learn how to create and import security test policies in AppScan Enterprise.
Learn how to create scan templates in AppScan Enterprise.
Follow this workflow to manage application security risks in your organization.
To help you understand, isolate, and resolve problems with your HCL® software, the troubleshooting and support information contains instructions for using the problem-determination resources that are provided with your HCL products.
Review reference information for the product.