What's new in HCL AppScan® Enterprise

This section describes new AppScan Enterprise product features and enhancements in this release, as well as deprecations and anticipated changes, where relevant.

New in HCL AppScan® Enterprise 10.7.0

  • Scans Trend of Application graph:
    • The new graph brings the capability to view the trend of scans created in AppScan Enterprise and AppScan Source.
    • For scans created in AppScan Source, the graph uses the date on which the issues were published into AppScan Enterprise as the scan date.
    • If the historic data storage is active in AppScan Source, the trend includes the rescan history.
    • The graph displays the scan trend over the last 24 months.
  • Licensing updates: see the Changed in this release and Removed in this release sections below.
  • Upgrade to Java 17:
    • AppScan Enterprise now runs on Java 17. Benefits include:
      • Enhanced security: stronger cryptographic defaults and a runtime that continues to receive security updates.
      • Improved performance: faster, more efficient scans and reduced wait times.
      • Future-proofing: access to the current tools and libraries that target Java 17.
  • Added new industry-standard test policy:
    • OWASP Application Security Verification Standard (ASVS) Report
  • Added new Regulatory Compliance report:
    • [EU] Digital Operational Resilience Act (DORA) Compliance Report

IAST changes

Java 1.18.0:
  • Support new vulnerabilities of type PasswordLeakageDB and PasswordLeakageSentData, reported when the password is written unencrypted to the database, response, or message queue.
  • Repeated reports of cookies missing the Secure or HttpOnly attribute are merged when they originate from a similar source.
  • Improved support for RabbitMQ.
.NET 1.12.0:
  • Support new vulnerabilities of type PasswordLeakageDB and PasswordLeakageSentData, reported when the password is written unencrypted to the database, response, or message queue.
  • Support for RabbitMQ.
NodeJS 1.10.0:
  • Support for RabbitMQ.
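
The following is an added illustration, not code from AppScan or from the IAST agents, of the pattern a PasswordLeakageDB finding describes: a password string reaching a database write unchanged. It is shown beside a hardened version that derives a salted PBKDF2 hash and persists only the hash. The in-memory map standing in for the users table, the class and method names, and the sample credentials are all constructed for the example. One caveat a practitioner should keep in mind: the release note says "unencrypted", but for stored credentials the appropriate control is a slow, salted one-way hash, not reversible encryption; and a password reaching an HTTP response or a RabbitMQ publish (PasswordLeakageSentData) should be removed from that flow altogether rather than encrypted in transit.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.security.spec.KeySpec;
import java.util.Arrays;
import java.util.Base64;
import java.util.HashMap;
import java.util.Map;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;

public class PasswordStorageExample {

    // Constructed stand-in for a users table. In a real application this would be
    // a JDBC or ORM write, which is the sink an IAST agent instruments.
    private static final Map<String, String> USERS = new HashMap<>();

    // INSECURE: the password reaches the persistence sink as plaintext.
    // This is the taint flow (request parameter -> database write) that a
    // PasswordLeakageDB finding reports. The same string written to a servlet
    // response or published to a message queue would be PasswordLeakageSentData.
    static void storeUserInsecure(String username, char[] password) {
        USERS.put(username, new String(password));
    }

    // HARDENED: derive a salted PBKDF2-HMAC-SHA256 hash and store only
    // algorithm, iteration count, salt and hash. The plaintext never reaches
    // the persistence layer, so there is nothing for the agent to flag.
    private static final int ITERATIONS = 210_000;
    private static final int KEY_BITS = 256;

    static void storeUserSecure(String username, char[] password) throws Exception {
        byte[] salt = new byte[16];
        new SecureRandom().nextBytes(salt);
        byte[] hash = pbkdf2(password, salt, ITERATIONS);
        Arrays.fill(password, '\0');   // scrub the plaintext copy once it is no longer needed
        USERS.put(username, "pbkdf2-sha256$" + ITERATIONS + "$"
                + Base64.getEncoder().encodeToString(salt) + "$"
                + Base64.getEncoder().encodeToString(hash));
    }

    // Verify a login attempt against the stored record without ever needing
    // the original password back, which is why a one-way hash is sufficient.
    static boolean verify(String username, char[] password) throws Exception {
        String record = USERS.get(username);
        if (record == null) return false;
        String[] parts = record.split("\\$");
        if (parts.length != 4 || !parts[0].equals("pbkdf2-sha256")) return false;
        int iterations = Integer.parseInt(parts[1]);
        byte[] salt = Base64.getDecoder().decode(parts[2]);
        byte[] expected = Base64.getDecoder().decode(parts[3]);
        byte[] actual = pbkdf2(password, salt, iterations);
        Arrays.fill(password, '\0');
        return MessageDigest.isEqual(expected, actual);   // constant-time comparison
    }

    private static byte[] pbkdf2(char[] password, byte[] salt, int iterations) throws Exception {
        KeySpec spec = new PBEKeySpec(password, salt, iterations, KEY_BITS);
        return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256")
                .generateSecret(spec).getEncoded();
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample credentials standing in for a registration request.
        storeUserInsecure("alice", "Tr0ub4dor&3".toCharArray());
        System.out.println("insecure row : " + USERS.get("alice"));   // plaintext is visible in the row

        storeUserSecure("bob", "correct horse battery staple".toCharArray());
        System.out.println("hardened row : " + USERS.get("bob"));     // only salt and hash are stored
        System.out.println("verify good  : " + verify("bob", "correct horse battery staple".toCharArray()));
        System.out.println("verify wrong : " + verify("bob", "wrong password".toCharArray()));
    }
}
```

Running the class prints the plaintext password in the insecure row and a `pbkdf2-sha256$...` record for the hardened one; `verify` returns true only for the original password. The iteration count is an assumption chosen for illustration; tune it to your hardware so that a single verification takes on the order of a few hundred milliseconds.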

APAR fix list

The following Authorized Program Analysis Reports (APARs) were fixed:

APAR No.     Description
KB0110669    The Issue edit screen loads slowly in the Monitor tab when large import jobs run.
KB0114194    Error messages are displayed in encoded format in some cases.
KB0115712    The Total Issue count in the security issue PDF report and View Details screen is missing issues of "information" severity.
KB0114113    The introduction section of the security issue PDF report has an issue count mismatch with filtered issues.
KB0111375    The Security Test Policies page doesn't display the "Critical" checkbox.

Fixes and security updates

New security rules in this release include:
  • attJiraCVE202014179 - Detection for CVE-2020-14179

  • Vulnerable component database updated to version 1.5

  • Additionally, many rules were modified with the help of AI to enhance accuracy.

This release's complete list of fixes, updates, and RFEs is listed here.

Changed in this release

  • HCLSoftware products are moving to a new model for license acquisition and management. As part of this change, AppScan Enterprise 10.7.0 includes updates to its licensing capabilities.

    For more information, refer to the Licensing Changes Announcement blog post.

Removed in this release

  • The FlexNet licensing mechanism has been removed in this release.

Upcoming changes

  • AppScan Enterprise versions 10.6.0 and earlier will reach End of Support (EOS) by June 2025. It is recommended that you upgrade to the latest version available before then.
  • An upgrade to jQuery UI is planned for a future release.