What's new
This section describes new product features and enhancements in this release, as well as deprecations and anticipated changes, where relevant.
A new AppScan experience is on the way!
We've prepared a Technology Preview version of the new AppScan Standard with a greatly improved user experience and the same powerful DAST engine. This still-evolving version will replace the current UI in a future release.
You can take it for a trial run right now: close this version, go to your AppScan installation folder (the default path is C:\Program Files (x86)\HCL\AppScan Standard), and run AppScanGui.exe.
New in HCL AppScan Standard version 10.0.6
- Reports (XML, PDF, HTML and Word) now include the same general content and structure as the user interface.
- Regulatory Compliance Reports now include a Summary section.
- Security updates (new tests):
  - HTTP request smuggling
  - SSTI (Server-Side Template Injection)
  - SSRF (Server-Side Request Forgery)
  - JWT: weak signature in JSON Web Tokens
  - OAuth: Cross-Site Request Forgery
  - OAuth: implicit grant type
  - CVE-2017-1000486: PrimeFaces RCE
  - CVE-2020-25213: WordPress File Manager plugin RCE
  - CVE-2021-2109: Oracle WebLogic Server RCE
Added in fix 10.0.6.28111
- Fixed the Log4j vulnerability in AppScan itself (CVE-2021-44228 and CVE-2021-45046)
- Added a security test that detects the Log4j vulnerability CVE-2021-44228 (Log4Shell) in scanned applications
Fixes and security updates
- Fixes and security updates are listed here.
Note: After the original release on 15 November 2021, the Log4j vulnerability (CVE-2021-44228) was disclosed. A fixed version of AppScan Standard 10.0.6 was therefore released on 17 December 2021. The fixed version, AppScan Standard 10.0.6.28111, which is now the only version of 10.0.6 available for download in FNO (FlexNet Operations), resolves the Log4j vulnerability in AppScan Standard itself and also adds a test for it in scanned applications.
Upcoming changes
- The following will be removed in a future release:
  - Scan Expert
  - The Web Services, The Vital Few, and Developer Essentials test policies, since similar results can now be achieved using other policies (see FAQ)