What's new
This section describes new product features and enhancements in this release, as well as deprecations and anticipated changes, where relevant.
New in HCL AppScan Standard version 10.0.5
- How to fix:
  - New and improved Advisory and Fix Recommendation content for many issues, consolidated into the new How to Fix tab
  - New and detailed code-specific "How to Fix" content for many programming languages
- Non-standard headers: can now be excluded from testing, like parameters and cookies (Configuration dialog box > Parameters and Cookies tab)
- Compliance report upgrade: DISA STIG V5R1
- Security testing:
  - Improved XSS analysis through browser-based validation for some rules
  - New application tests:
    - Referrer policy – Detect a misconfigured or insecure referrer policy
    - Host header injection – Test whether the application parses the Host header dynamically
    - CORS arbitrary origin – Test whether the CORS policy is derived from an arbitrary Origin header value
  - New infrastructure tests:
    - CVE-2020-5398 - Detect Reflected File Download on Spring Framework
    - CVE-2020-7246 - Remote Command Execution on qdPM
    - CVE-2020-9006 - Popup Builder WordPress Plugin SQL Injection
    - CVE-2020-11022/11023 - Detect XSS in jQuery before version 3.5.0
    - CVE-2020-17530 - Apache Struts 2 Forced Multi OGNL Evaluation
Fixes and security updates
- Fixes and security updates are listed here.
Removed in this release
- Malware detection
- X-Force categorization in Advisories and Issue Details
- .NET, J2EE, and PHP-specific information is no longer included in reports, but new code-specific information for many languages, including these three, is available in the UI
- Ability to edit Advisories and Fix Recommendations
Upcoming changes
- XML report format will change in the next release
- The following will be removed in a future release:
  - Scan Expert
  - These test policies: Web Services, The Vital Few, and Developer Essentials, since similar results can now be achieved using other policies (see FAQ)
  - Tasks view