Welcome
Welcome to the documentation for HCL AppScan Standard version 10.4.0
Getting started
This section provides a short tour of basic product features and procedures, including using the wizard to set up a scan.
Configuration
You configure a scan by choosing settings that best describe your application, and the kind of testing you want.
Manual exploring
Manual exploring enables you to explore specific parts of your application, filling in fields and forms as you go. This can be a way of ensuring that particular areas of the site are covered, and that AppScan has the information needed to complete forms correctly.
Scanning
Learn how to start a scan, and what happens during the scan; how to manually manipulate the Explore stage, and how to export the results of a scan.
Data
Data view is populated with information about the structure of the site during the Explore stage of the scan.
Issues
Issues view provides access to the results of a scan. You can view results at a high level or select specific tests or objects and access more details. These details include how to fix, requests/responses, and differences between the test variants that resulted in issues. You can manipulate the severity of issues, resend tests (with or without modifications), and create reports based on Issues.
Reports
This section describes how to generate reports from the scan results.
- Report overview
  - Configuring report layout
    The layout tab of the Create Report dialog box enables you to customize the appearance of your reports. (This feature is optional, as you can simply generate reports using the default layouts.)
  - Viewing and saving reports
    Reports can be generated and viewed in AppScan®'s Report Viewer, and saved in various formats.
  - Creating partial reports
    You can create a Security Report or a Template-Based Report for a subset of the scan results by right-clicking on the URL or folder for which you want to create the report.
  - Earlier versions of report templates
    Earlier versions of some Industry Standard and Regulatory Compliance templates are saved in the "Old Versions" folder.
- Security reports
  The Security report provides information about security issues discovered, and you can choose from a variety of templates depending on the type of content you need.
- Industry Standard and Compliance reports
  Industry Standards reports let you know if your application complies with standards of a selected industry committee; Regulatory Compliance reports let you know if your application complies with specific regulations or legal standards.
- Delta Analysis reports
  The Delta Analysis report compares two sets of scan results and shows the difference in URLs and/or security issues that were discovered in them.
- Template-based reports
  The Template Based tab of the Create Report dialog box enables you to create reports in Microsoft® Word DOC and DOCX formats, with exactly the data you want, and the document formatting you define.
Tools
This section explains how to use additional tools provided with HCL AppScan Standard.
Integrations
This section describes integrations of other applications with AppScan Standard:
Best practices
This section contains some best practices and use cases for advanced users.
FAQ & Troubleshooting
CLI
This section describes the syntax and options available using the Command line interface.
References
Menus and toolbar summaries, and glossary

Report overview

After AppScan has assessed your site's vulnerability, you can generate customized reports configured for the various personnel in your organization; from developers, internal auditors, and penetration testers, to managers and executives.

There are five basic types of report, as described below. The Security Report includes many options that can be included or excluded depending on who the report is intended for.

You can open and view the reports from within AppScan, and you can save a report as a file to be opened with a third-party application, such as Acrobat Reader.


Icon	Name	Short Description
	Security reports	Report of security issues found during the scan. Security information may be very extensive, and can be filtered depending on your requirements. Six standard templates are included, but each can easily be tailored to include or exclude categories of information, as necessary.
	Industry Standard reports	Report of the compliance (or non-compliance) of your application with a selected industry committee, or your own custom standards checklist.
	Regulatory Compliance reports	Report of the compliance (or non-compliance) of your application with a large choice of regulations or legal standards, or with your own custom Regulatory Compliance template).
	Delta Analysis reports	The Delta Analysis report compares two sets of scan results and shows the difference in URLs and/or security issues discovered.
	Template-based reports	Custom report containing user-defined data and user-defined document formatting, in Microsoft® Word DOC and DOCX formats.