What's new
This section describes new AppScan Standard product features and enhancements in this release, as well as deprecations and anticipated changes, where relevant.
New in HCL AppScan Standard 10.6.0
- API scanning now offers improved configuration capabilities, enhanced coverage, and better detection of vulnerabilities through advanced OpenAPI automatic scanning.
- AppScan Connect:
  - Support for AppScan 360°: AppScan Connect now fully supports integration with AppScan 360°; you can create a scan from an AppScan Standard scan configuration or upload scan results to AppScan 360°.
  - Redesigned connection method: the new interface is more intuitive and user-friendly, making it easier and faster to establish a connection with other AppScan products.
- New Regulatory Compliance reports:
  - OWASP Cloud-Native Application Security Top 10
  - Network and Information Security Directive (NIS2)
- AppScan now maps multiple CWEs to vulnerabilities, resulting in better report coverage.
- A new "Save only one variant per issue" test option optimizes scan time by limiting AppScan to testing only until the first variant of an issue is found.
- Vulnerabilities in the generated reports now include CVSS vectors.
- Multiple domains can be added to the "Domains to be tested" list using a CSV file.
- A series of enhancements and redesigns aimed at improving the usability of several scan configuration dialogs as follows:
Fixes and security updates
New security rules in this release include:
- attWPHelperLitePluginXSSCVE20230448 - Detection for CVE-2023-0448
- WordPressWBPUPluginXSSCVE202328665 - Detection for CVE-2023-28665
- WordPressLWPPluginXSSCVE202323492 - Detection for CVE-2023-23492
- attNoSQLInjection - Improved support for NoSQL injection vulnerabilities (demonstrated in crAPI)
- attCactiRemoteCommandExecutionCVE202246169 - Cacti Detection for CVE-2022-46169
- Vulnerable component database updated to version 1.4
For a complete list of fixes, new and updated security rules, and RFEs in this release, see AppScan Standard Fix List.
Changed in this release
- The "delete issue" functionality is removed from both the edit and context menus. Additionally, the option to mark an issue as non-vulnerable is removed. Now, you can only mark issues as "noise" if they are false positives.
Upcoming change
- Starting with version 10.7.0, the licensing procedure is changing. This change does not impact existing usage. Stay tuned for more details and updates from HCL AppScan. For more information, see the following blog article: