Home
Issues
Issues view provides access to the results of a scan. You can view results at a high level or select specific tests or objects and access more details. These details include how to fix, requests/responses, and differences between the test variants that resulted in issues. You can manipulate the severity of issues, resend tests (with or without modifications), and create reports based on Issues.
Issues: Detail pane
How to fix
The third tab of the Details pane.
CWE

Welcome
Welcome to the documentation for HCL AppScan Standard version 10.6.0
Getting started
This section provides a short tour of basic product features and procedures, including using the wizard to set up a scan.
Configuration
You configure a scan by choosing settings that best describe your application, and the kind of testing you want.
Manual exploring
Manual exploring enables you to explore specific parts of your application, filling in fields and forms as you go. This can be a way of ensuring that particular areas of the site are covered, and that AppScan has the information needed to complete forms correctly.
Scanning
Learn how to start a scan, and what happens during the scan; how to manually manipulate the Explore stage, and how to export the results of a scan.
Data
Data view is populated with information about the structure of the site during the Explore stage of the scan.
Issues
Issues view provides access to the results of a scan. You can view results at a high level or select specific tests or objects and access more details. These details include how to fix, requests/responses, and differences between the test variants that resulted in issues. You can manipulate the severity of issues, resend tests (with or without modifications), and create reports based on Issues.
- Issues: Application tree
- Issues: Result list
- Issues: Detail pane
  - Issue information
    The first tab of the Detail pane summarizes the information available.
  - Request/Response
    The second tab of the Detail pane is the Request/Response tab.
  - How to fix
    The third tab of the Details pane.
    - CWE
- Report false positive test results
- Manual tests
- Non-vulnerables
Reports
This section describes how to generate reports from the scan results.
Tools
This section explains how to use additional tools provided with HCL AppScan Standard.
Integrations
This section describes integrations of other applications with AppScan Standard:
Best practices
This section contains some best practices and use cases for advanced users.
FAQ & Troubleshooting
CLI
This section describes the syntax and options available using the Command line interface.
References
Menus and toolbar summaries, and glossary

CWE

CWE (Common Weakness Enumeration) is an industry standard list that provides common names for publicly known software weaknesses. This makes it easier to share data across separate databases and tools. (For more details see the CWE website at: http://cwe.mitre.org/)

AppScan advisories for vulnerabilities that have been assigned a CWE that include the reference number, and a link to the description on the CWE website. Where specific vulnerabilities have their own CWE (in addition to the ID for the issue), this is shown in the Variant Details pane.

You can:

View the CWEs for an issue in the advisory for that issue (see How to Fix tab). Click the link to view its description on the CWE website.
Include CWEs (as part of the advisory) in reports
Search for a particular CWE by searching for its reference number in Test Policy view

For the version of the CWE database used in the current version of AppScan, refer to the Release Notes located in [AppScan Standard installation directory]\Docs. If a daily update changes the database used, the change will be listed in the AppScan Log. To access the log, go to Help > AppScan Log.