What's new in HCL AppScan® Enterprise
This section describes new AppScan Enterprise product features and enhancements in this release, as well as deprecations and anticipated changes, where relevant.
New in HCL AppScan® Enterprise 10.7.0
- Scans Trend of Application graph:
  - The new graph shows the trend of scans created in AppScan Enterprise and AppScan Source.
  - For scans created in AppScan Source, the graph uses the date on which the issues were published to AppScan Enterprise as the scan date.
  - If historic data storage is active in AppScan Source, the trend includes the rescan history.
  - The graph displays the scan trend over the last 24 months.
- Licensing updates:
  - AppScan Enterprise can now be downloaded from My HCL Software (MHS) and the FlexNet Operations Portal (FNO). In future releases, the new MHS portal will replace FNO.
- Upgrade to Java 17:
  - AppScan Enterprise now uses Java 17. Benefits include:
    - Enhanced security with stronger encryption and ongoing security updates.
    - Improved performance with faster and more efficient scans, reduced wait times, and overall improved system performance.
    - Future-proofing with the latest tools and technologies supported by Java 17.
- Added new industry-standard test policy:
  - OWASP Application Security Verification Standard (ASVS) Report
- Added new Regulatory Compliance report:
  - [EU] Digital Operational Resilience Act (DORA) Compliance Report
IAST changes
Java 1.18.0:
- Support for the new vulnerability types PasswordLeakageDB and PasswordLeakageSentData, reported when a password is written unencrypted to the database, the response, or a message queue.
- Repeated reports on insecure and HTTP-only cookies are merged when the source is similar.
- Improved support for RabbitMQ.
.NET 1.12.0:
- Support for the new vulnerability types PasswordLeakageDB and PasswordLeakageSentData, reported when a password is written unencrypted to the database, the response, or a message queue.
- Support for RabbitMQ.
NodeJS 1.10.0:
- Support for RabbitMQ.
APAR fix list
The following Authorized Program Analysis Reports (APARs) were fixed:
| APAR No. | Description |
|---|---|
| KB0110669 | The Issue edit screen loads slowly in the Monitor tab when large import jobs run. |
| KB0114194 | Error messages are displayed in encoded format in some cases. |
| KB0115712 | The Total Issue count in the security issue PDF report and the View Details screen is missing issues of "Information" severity. |
| KB0114113 | The introduction section of the security issue PDF report has an issue count mismatch with the filtered issues. |
| KB0111375 | The Security Test Policies page does not display the "Critical" checkbox. |
Fixes and security updates
Security rule updates in this release:
- attJiraCVE202014179 - Detection for CVE-2020-14179
- Vulnerable component database updated to version 1.5
- Additionally, many rules were modified with the help of AI to enhance accuracy.
This release's complete list of fixes, updates, and RFEs is listed here.
Changed in this release
- HCLSoftware products are undergoing changes in license acquisition and management. As part of this process, AppScan Enterprise 10.7.0 includes updates to its licensing capabilities. For more information, refer to the Licensing Changes Announcement blog post.
Removed in this release
- The FlexNet licensing mechanism has been removed in this release.
Upcoming changes
- AppScan Enterprise versions 10.6.0 and earlier will reach End of Support (EOS) by June 2025. It is recommended that you upgrade to the latest version available before then.
- An upgrade to jQuery UI is planned for a future release.