Home
Getting started
This section provides a short tour of basic product features and procedures, including using the wizard to set up a scan.
What's new
This section describes new AppScan Standard product features and enhancements in this release, as well as deprecations and anticipated changes, where relevant.

Welcome
Welcome to the documentation for HCL AppScan Standard version 10.7.0
Getting started
This section provides a short tour of basic product features and procedures, including using the wizard to set up a scan.
- Overview
- What's new
  This section describes new AppScan Standard product features and enhancements in this release, as well as deprecations and anticipated changes, where relevant.
- System requirements
  A summary of the minimum hardware and software required for the machine that runs AppScan Standard.
- Installing
  The installation wizard guides you through the fast and simple process.
- License
  This section describes for the trial and paid versions of AppScan Standard.
- How an automatic scan works
  This topic explains the difference between the "stages" and "phases" of a scan.
- Exploration methods for web applications and APIs
  This topic explains the different methods available for exploring sites, before AppScan tests them.
- Web application automatic scan workflow
  Provides a simple workflow of an automatic scan of a web application.
- Web API automatic scan workflow
  Provides a simple workflow of an automatic scan of a web API.
- Home screen
  Describes the options available from the home screen that opens when you load AppScan Standard.
- Tour of the main screens
  Describes the components of the AppScan main screen (Issues view), and all menus and toolbars.
- Tutorial
  This simple tutorial goes through the steps of configuring a simple application scan using the Scan Configuration wizard, running the scan, and reviewing the results.
- Sample files
  The sample files can help give you a feel for using AppScan and what scan results look like.
Configuration
You configure a scan by choosing settings that best describe your application, and the kind of testing you want.
Manual exploring
Manual exploring enables you to explore specific parts of your application, filling in fields and forms as you go. This can be a way of ensuring that particular areas of the site are covered, and that AppScan has the information needed to complete forms correctly.
Scanning
Learn how to start a scan, and what happens during the scan; how to manually manipulate the Explore stage, and how to export the results of a scan.
Data
Data view is populated with information about the structure of the site during the Explore stage of the scan.
Issues
Issues view provides access to the results of a scan. You can view results at a high level or select specific tests or objects and access more details. These details include how to fix, requests/responses, and differences between the test variants that resulted in issues. You can manipulate the severity of issues, resend tests (with or without modifications), and create reports based on Issues.
Reports
Tools
This section explains how to use additional tools provided with HCL AppScan Standard.
Integrations
This section describes integrations of other applications with AppScan Standard:
Best practices
This section contains some best practices and use cases for advanced users.
FAQ & Troubleshooting
CLI
This section describes the syntax and options available using the Command line interface.
References
Menus and toolbar summaries, and glossary

What's new

This section describes new AppScan Standard product features and enhancements in this release, as well as deprecations and anticipated changes, where relevant.

New in HCL AppScan Standard 10.7.0

Azure OpenAI configuration enhances accuracy by implementing additional filters to refine the test results.
API scanning workflow is redesigned to provide a better user experience that includes automatic login support.
New Compliance reports:
- [EU] Digital Operational Resilience Act (DORA)
- OWASP Application Security Verification Standard
Updated Compliance reports:
- [US] DISA's Application Security and Development STIG V6 Release 1
Reports creation now available from the main toolbar is redesigned for better accessibility and ease of use. The Regulatory compliance and Industry standard reports are merged as Compliance reports.
Downloads for AppScan Standard are available through FlexNet Operations Portal (FNO) and My HCL Software (MHS). You can try the new MHS portal as it will be used for future releases.
A series of enhancements and redesigns aimed at improving the usability of several scan configuration dialogs as follows:

Fixes and security updates

New security rules in this release include:

attJiraCVE202014179 - Detection for CVE-2020-14179
Vulnerable component database updated to version 1.5
Additionally, many rules were modified with the help of AI to enhance accuracy.

For a complete list of fixes, new and updated security rules, and RFEs in this release, see AppScan Standard Fix List.

Changed in this release

HCLSoftware products are undergoing changes in license acquisition and management. For more information, refer to the Licensing Changes Announcement blog post.
Removed the option to install the AppScan SSL certificate, which was previously used to record traffic from SSL sites.

Upcoming change

AppScan Standard versions 10.6.0 and earlier will reach End of Support (EOS) by June 2025. It is recommended that you upgrade to the latest version available before then.
The Web API Wizard (OpenAPI) extension will be removed in a future version of AppScan.