Welcome
Welcome to the documentation for HCL AppScan Standard version 10.6.0
Getting started
This section provides a short tour of basic product features and procedures, including using the wizard to set up a scan.
Configuration
You configure a scan by choosing settings that best describe your application, and the kind of testing you want.
Manual exploring
Manual exploring enables you to explore specific parts of your application, filling in fields and forms as you go. This can be a way of ensuring that particular areas of the site are covered, and that AppScan has the information needed to complete forms correctly.
Scanning
Learn how to start a scan, and what happens during the scan; how to manually manipulate the Explore stage, and how to export the results of a scan.
Data
Data view is populated with information about the structure of the site during the Explore stage of the scan.
Issues
Issues view provides access to the results of a scan. You can view results at a high level or select specific tests or objects and access more details. These details include how to fix, requests/responses, and differences between the test variants that resulted in issues. You can manipulate the severity of issues, resend tests (with or without modifications), and create reports based on Issues.
Reports
This section describes how to generate reports from the scan results.
Tools
This section explains how to use additional tools provided with HCL AppScan Standard.
Integrations
This section describes integrations of other applications with AppScan Standard:
Best practices
This section contains some best practices and use cases for advanced users.
FAQ & Troubleshooting
CLI
This section describes the syntax and options available using the Command line interface.
References
Menus and toolbar summaries, and glossary
- Menubar
- Browser toolbar
  The icons on the toolbar of the embedded AppScan® browser, used to display and save screenshots of application responses.
- Keyboard shortcuts
  AppScan offers these keyboard shortcuts.
- Accessibility controls
  Describes all keyboard shortcuts and controls.
- Temp files
  Describes where AppScan® saves its temporary files during normal operation, and how to change the location.
- Glossary
  This glossary explains terms and acronyms used in the AppScan® Standard user interface and documentation.
- Compliance
- CWE support
  CWE (Common Weakness Enumeration) is an industry standard list that provides common names for publicly known software weaknesses. The following CWE IDs, and their parent or child IDs, are supported in the current version of AppScan Standard.
- CVE support
- Notices

CVE support

CVE (Common Vulnerabilities and Exposures) is an industry standard list that provides common names for publicly known information security vulnerabilities and exposures. This makes it easier to share data across separate databases and tools. (For more details see the CVE website at: http://cve.mitre.org/)

AppScan advisories for vulnerabilities that have been assigned a CVE that include the reference, with a link to the description on the CVE website. (CVEs begin with the letters CVE for accepted vulnerabilities or CAN for candidate ones.)

You can:

See the CVE that is tested for by any particular test, in Test Policy view (Scan Configuration > Test Policy; see Test policy and optimization)
List all tests that have CVEs by searching for CVE abd CAN strings in Test Policy view
Search for a particular CVE by searching for its ID in Test Policy view
Include CVEs (as part of the advisory) in reports