Welcome
Welcome to the documentation for HCL AppScan Standard version 10.4.0
Getting started
This section provides a short tour of basic product features and procedures, including using the wizard to set up a scan.
Configuration
You configure a scan by choosing settings that best describe your application, and the kind of testing you want.
Manual exploring
Manual exploring enables you to explore specific parts of your application, filling in fields and forms as you go. This can be a way of ensuring that particular areas of the site are covered, and that AppScan has the information needed to complete forms correctly.
Scanning
Learn how to start a scan, and what happens during the scan; how to manually manipulate the Explore stage, and how to export the results of a scan.
Data
Data view is populated with information about the structure of the site during the Explore stage of the scan.
Issues
Issues view provides access to the results of a scan. You can view results at a high level or select specific tests or objects and access more details. These details include how to fix, requests/responses, and differences between the test variants that resulted in issues. You can manipulate the severity of issues, resend tests (with or without modifications), and create reports based on Issues.
- Issues: Application tree
- Issues: Result list
  - Issue severity levels
    - Change issue severity
      You can manually change the severity level for an issue, overriding its CVSS score.
    - Apply CVSS 3.1 to legacy results
      How to update a scan run with an older CVSS version.
  - Issue state: Open or Noise
    Issues not relevant to your application can be designated as "Noise" and removed from the results.
  - Resending tests
  - Right-click menu
  - Filtering Security Issues in Result List
    You can filter the Result List for types of issues, or you can search for a specific issue.
  - Sorting the Result List
- Issues: Detail pane
- Report false positive test results
- Manual tests
- Non-vulnerables
Reports
This section describes how to generate reports from the scan results.
Tools
This section explains how to use additional tools provided with HCL AppScan Standard.
Integrations
This section describes integrations of other applications with AppScan Standard:
Best practices
This section contains some best practices and use cases for advanced users.
FAQ & Troubleshooting
CLI
This section describes the syntax and options available using the Command line interface.
References
Menus and toolbar summaries, and glossary

Issue severity levels

In the case of individual issues, the severity icon indicates the severity level of the issue; in the case of Issue Types and URLs, it indicates the most severe of all issues under that node.

Severity level is calculated based on CVSS 3.1 scoring, taking into account environment definitions you can optionally configure. In addition, you can manually change the severity level of individual issues or groups of issues.


Icon	Severity	Description	Score	Examples
	Critical	High severity issues that are easier to exploit.	9 - 10	Exploitation of the vulnerability likely results in root-level compromise of servers or infrastructure devices. Exploitation is usually straightforward.
	High	Direct danger to your application, web server, or information.	7 - 8.9	Executing commands on server, stealing customer information, denial of service.
	Medium	Threat through unauthorized access to private areas, though the database and operating system are not at risk.	4 - 6.9	Script source disclosure, forceful browsing.
	Low	Allow for unauthorized reconnaissance.	0.1 - 3.9	Server path disclosure, internal IP address disclosure.
	Informational	Issues you should know about, not necessarily security issues.	0	Insecure methods enabled.