HCLAppScan Standard is a penetration-testing component of the HCL AppScan application security testing suite, used to test web applications and services. It features cutting edge methods and techniques to identify security vulnerabilities to help protect applications from the threat of cyber-attacks.
HCLAppScan Standard is a Dynamic Analysis tool, evaluating application security at runtime by attacking the application using techniques analogous to methodologies used by hackers. The result of the tests includes a rich set of data ranging from application inventory to detailed attack traffic which can be reproduced for validation and fix. This data can be examined and processed in the UI or exported in various formats for sharing in other tools.
Beyond the cutting-edge testing facilities AppScan includes additional capabilities to help you run your testing program as efficiently as possible. Some of these are:
General and regulatory compliance reporting, with over 40 different templates available out-of-the-box
Customization and extensibility through the AppScan eXtension Framework, or by direct integration into existing systems using the AppScan SDK
Built-in optimization mechanism to help focus the test for the most likely issues in the most likely parts of your application
AppScan Standard helps you decrease the risk of web application attacks and data breaches both before site deployment and for ongoing risk assessment in production.
Some technologies used by your site might affect AppScan’s ability to scan it, while others do not affect the scan at all.
AppScan is a "Black-Box" (DAST) tool, and scans your site using the same mechanisms as a browser. Therefore, in general, server-side technologies that are transparent to a browser are also transparent to AppScan, and do not affect the scan.
WebSocket login recording and login playback are supported.