Dynamic Application Security Testing (DAST)
Identify security vulnerabilities by crawling through web applications to map potential exploit paths and execute tests against those paths in web applications.
Minimize the threat of costly data breaches or malicious hacks with dynamic analysis. Our DAST technology enables you to scan running applications and APIs for potential vulnerabilities while they are still in the production environment.
By incorporating automated DAST at any stage of development, you can address the most complex applications, assess risks, and help manage and resolve vulnerabilities... all before your applications are deployed to the web.
Web API Scanning
Web API Scanning
Quickly broaden your vulnerability coverage with automatic scanning of all Web APIs. This can be done through using Postman collection files, Open API descriptions, recorded traffic, or by harnessing HCL AppScan's seamless integration with leading API testing tools.
Incremental Scanning and Test Optimization
Incremental Scanning and Test Optimization
Save time and resources by leveraging our unique incremental scanning capability, which can limit testing to new portions of the source code or portions with issues found in earlier scans.
Fine-tune the time testing takes at distinct phases of the SDLC (software development life cycle) with our Test Optimization Slider, which offers four optimization levels to control the trade-off between issue coverage and scan speed. Choose to go 10x faster with 70% accuracy, or only 2x faster with 97% accuracy. Your choice!
Action-based Scanning and Login Management
Action-based Scanning and Login Management
Use an embedded browser to explore/crawl the application as a user would – providing a user-view of the application, rather than a traditional traffic-view.
Like crawling, user login requires replaying actions performed by the user. These are recorded using the embedded recorder or the Activity Recorder browser extension. This enables a more correct exercising of the application to handle application logic. More advanced features support one-time passwords and third-party authentication.
Vulnerable Third-Party Component Detection
Vulnerable Third-Party Component Detection
Hackers target well-known vulnerabilities in popular libraries that you may have incorporated into your application. DAST together with vulnerable third-party component detection provide you with much more comprehensive vulnerability coverage, allowing you to identify (fingerprint) third-party libraries with known vulnerabilities and see those findings alongside all your DAST results.
OWASP Top 10 & OWASP API Security Top 10
OWASP Top 10 & OWASP API Security Top 10
The OWASP Foundation spearheads community-led, open-source projects to study and provide guidance in application security. HCL AppScan DAST technology contributes to our ability to offer 100% coverage for the most common vulnerabilities and security risks on both important benchmarks.
User Defined Tests
Create your own custom user rules to identify application specific issues or errors. You can examine traffic for unwanted content or behavior, create payloads and search for reflected behavior that indicates a problem, and even validate with external servers for known blind attacks.
Multi-Step Operations
Recorded multi-step and action-based multi-step operations enable testing of complex logical sequences in the application. Whenever a complex series of work needs to be accomplished before testing a particular page in a particular state, the sequence can be replayed to be in the correct state.
HCL AppScan Domain Name Server (ADNS)
Uncover non-reflected vulnerabilities using DAST by leveraging ADNS. Vulnerabilities such as remote command execution are difficult to find using standard DAST techniques. By leveraging ADNS and attempting to resolve one-off domains, we can detect even those undetectable issues.
Cross-Site Scripting (XSS) Analyzer
XSS analyzer is the world’s only systematic XSS detection module. Representing 500 million (!!) payload options, a cross-sites scripting vulnerability can be confirmed or discounted with an average of only 17 tests with nearly 100% accuracy!
Security and Compliance Reports
Generate XML & CSV reports for sharing with external tools. Create PDF or HTML reports to share with development teams or other security analysts. Create dozens of compliance and industry-standard reports.
Privilege Escalation
Test application role-based access and permissions using HCL AppScan’s Privilege Escalation component. Using scans from two or more different roles, HCL AppScan generates a report of all access control errors from lower permission users to restricted locations of the application.
Third-Party and Infrastructure Tests
Your code relies on third-party libraries and components. Test those with the 1000s of available CVE (Common Vulnerabilities and Exposures) tests, as well as with infrastructure tests that check your server configuration, SSL/TLS channels, and more.
Featured Resources
Wider Application Security Coverage with HCL AppScan DAST and Vulnerable Third-Party Component Detection
