Welcome
Welcome to the documentation for HCL AppScan Standard version 10.4.0
Getting started
This section provides a short tour of basic product features and procedures, including using the wizard to set up a scan.
Configuration
You configure a scan by choosing settings that best describe your application, and the kind of testing you want.
Manual exploring
Manual exploring enables you to explore specific parts of your application, filling in fields and forms as you go. This can be a way of ensuring that particular areas of the site are covered, and that AppScan has the information needed to complete forms correctly.
Scanning
Learn how to start a scan, and what happens during the scan; how to manually manipulate the Explore stage, and how to export the results of a scan.
Data
Data view is populated with information about the structure of the site during the Explore stage of the scan.
Issues
Issues view provides access to the results of a scan. You can view results at a high level or select specific tests or objects and access more details. These details include how to fix, requests/responses, and differences between the test variants that resulted in issues. You can manipulate the severity of issues, resend tests (with or without modifications), and create reports based on Issues.
Reports
This section describes how to generate reports from the scan results.
Tools
This section explains how to use additional tools provided with HCL AppScan Standard.
Integrations
This section describes integrations of other applications with AppScan Standard:
Best practices
This section contains some best practices and use cases for advanced users.
FAQ & Troubleshooting
CLI
This section describes the syntax and options available using the Command line interface.
References
Menus and toolbar summaries, and glossary
- Menubar
- Browser toolbar
  The icons on the toolbar of the embedded AppScan® browser, used to display and save screenshots of application responses.
- Keyboard shortcuts
  AppScan offers these keyboard shortcuts.
- Accessibility controls
  Describes all keyboard shortcuts and controls.
- Temp files
  Describes where AppScan® saves its temporary files during normal operation, and how to change the location.
- Glossary
  This glossary explains terms and acronyms used in the AppScan® Standard user interface and documentation.
- Compliance
- CWE support
  CWE (Common Weakness Enumeration) is an industry standard list that provides common names for publicly known software weaknesses. The following CWE IDs, and their parent or child IDs, are supported in the current version of AppScan Standard.
- Notices

United States government regulation compliance

Compliance with United States government security and information technology regulations help to remove sales impediments and roadblocks. It also provides a proof point to prospects worldwide that HCL® is working to make their products the most secure in the industry. This topic lists the standards and guidelines that AppScan® Standard supports.

Federal Information Processing Standard (FIPS)

On Windows platforms that are supported by AppScan Standard, AppScan Standard supports FIPS Publication 140-2, by using a FIPS 140-2 validated cryptographic module and approved algorithms.

National Institute of Standards and Technology (NIST) Special Publication (SP) 800-131a

NIST SP 800-131A guidelines provide cryptographic key management guidance. These guidelines include:

Key management procedures
How to use cryptographic algorithms
Algorithms to use and their minimum strengths
Key lengths for secure communications

Government agencies and financial institutions use the NIST SP 800-131A guidelines to ensure that the products conform to specified security requirements.

Enabling FIPS 140-2 compliance on your operating system

Go to Start > Control Panel > Administative tools > Local Security Policy.
Go to Security Settings > Local Policies > Security Options > System Cryptography and enable the Use FIPS compliant algorithms for encryption, hashing, and signing security setting.