HCL AppScan

Integration with leading build environments, DevOps tools and IDEs provides a frictionless experience for application security testing and fast, targeted remediation of vulnerabilities. AppScan on Cloud offers a full suite of testing technologies (SAST, DAST, IAST and Open Source) to provide the broadest coverage.

Proven cognitive capabilities enable AppScan on Cloud to deliver deeper and faster scan coverage and eliminate false positives. That enables you to perform more accurate scans in less time. And, AppScan Slider for SAST and DAST empowers your organization to trade off speed vs. coverage appropriately for different steps in the Software Development Lifecycle (SDLC).

Application security is not only about performing tests and finding vulnerabilities, it’s about managing risk. AppScan on Cloud empowers you to view all your applications assessed by their importance to the business, along with scanning and remediation status. This allows you to prioritize scarce resources and focus on vulnerabilities that present the greatest risk to your business.

AppScan on Cloud helps to secure and manage your open source components. It enables you to gain control and visibility over open source licensing and vulnerabilities within your applications.

AppScan on Cloud provides a rich set of APIs, as well as an Open Source AppScan Automation Framework that enables you to customize integration to meet your specific requirements. In addition to available “out of the box” integrations for leading tools, APIs and frameworks, AppScan Gateway can be combined to fit existing processes while offloading Application Scanning to the Cloud.

A scalable enterprise solution allows organizations to manage their application security program for all of their applications. Security and development teams can collaborate, establish policies and scale testing throughout the application lifecycle. AppScan Enterprise provides centralized control with advanced application scanning and remediation capabilities.

Comprehensive REST API enables security testing automation and full control of on-boarding and auditing activities. Security testing can be integrated into the pipeline and be triggered by CI/CD tools. Security issues found can be pushed into Issue Management systems using AppScan Issue Gateway.

AppScan Enterprise helps classify and prioritize application assets based on business impact and identify high-risk areas. You gain visibility into the security and compliance risks presented by identified vulnerabilities and can demonstrate your progress through performance metrics.

With AppScan Enterprise, you can define risk based on your own strategy. A measure for risk can be determined for an application based on factors such as access, business impact or significance of security threats. Those factors can be customized and programmed into AppScan Enterprise’s calculations. Managers can define rules to measure risk and automatically classify or rank applications based on that risk to help them make reliable and resource-efficient decisions.

AppScan Standard’s powerful scanning engine employs the latest algorithms and techniques to ensure the most accurate explore coverage and testing. Leverage AppScan’s unique Action Based technology and tens of thousands of built-in tests to best handle real-world applications from simple web apps, through single page applications to JSON based REST APIs.

Statistical analysis test optimization provides control of the trade-off between speed and coverage and enables faster scans, with a minimal impact on accuracy. Incremental scanning capabilities focus your testing efforts only on application code that’s been changed.

AppScan can tailor its testing for all needs. With its advanced configuration, users are empowered to scan even the most complex scenarios. AppScan records and tests complex multi-step sequences, dynamically generating unique data and tracking all varieties of headers and tokens. Machine Learning explore can optimize the crawling of large applications by predicting which links lead to new areas of the application.

Extensive reporting provides powerful insights on issues that are found, simplifying issue triage and resolution. A comprehensive list of compliance and industry standard reports (such as PCI-DSS, HIPAA, OWASP Top 10, SANS 25, etc.) assist you in meeting regulatory requirements.

Build automated security into development by integrating security source code analysis during your build process. The software scans, triages and manages security policies, and prioritizes assignment of results for remediation.

Integrated Development Environments (IDEs), build management tools and Defect Tracking Systems (DTS) provide increased security intelligence and grant the right people the right level of information. AppScan accommodates a broad portfolio of large and complex applications across a wide range of programming languages. It is built on open architecture to protect your existing investments.

With its cognitive IFA capabilities, AppScan Source helps reduce false positives by up to 98% and focus the findings on the ones that should be addressed first. This reduces the need for security experts to spend time reviewing findings for false positives before sending them to developers. The time from identification to remediation is improved, reducing the overall cost of fixing security vulnerabilities.

AppScan Source defines and enforces consistent policies that can be used throughout your enterprise. It can help enable enterprise-wide metrics and reporting with a centralized policy and assessment database. AppScan Source also provides audit and compliance reports that make it easier to understand application-related threat exposure at the executive level.

AppScan provides visibility into security and compliance risks presented by identified security issues. It delivers more than 40 security compliance reports, including PCI-DSS, Payment Application Data Security Standard, ISO 27001 and ISO 27002, HIPAA, Gramm–Leach–Bliley Act and Basel II.