CodeOne
HCL


AppScan Standard

What is AppScan Standard?

HCL AppScan Standard is a dynamic application security testing (DAST) solution designed for security professionals and pen-testers.

It automatically identifies and tests for security vulnerabilities in web applications and web services, and is a security-specialized tool for protecting against web application attacks and incidents that cause massive economic damage.


Product Introduction

Product Features

Recording

Exploration

Testing

ADNS

Usability

1. Sequence Recording

Using not only the AppScan Chromium browser provided with the product but also the browsers installed on the same PC as the solution (Chrome, IE, Firefox, Edge), it recreates sequences such as logins and multi-step operations from the recorded browser actions and transmitted data. With automatic login, this supports inspection of pages that are accessible only through complex process structures.


Key Functions

Accommodating a Wide Portfolio of Web Applications

- Support for various web servers, application servers, databases, and third-party components

- Support for infrastructure and applications on all types of web operating systems (IIS, Apache, Netscape, etc.) and underlying technologies (ASP, PHP, AJAX, .NET, etc.)

Definition of scan target environment

Testing support for applications, infrastructure, and third-party components

Convenience for Providing Quick Results

- Scan configuration wizard support for users without specialized security knowledge

- Manual exploration function for direct page navigation

- Multi-step operation function that records page access sequences, so that pages requiring a complex access sequence can be tested

[ Scan Configuration Wizard ]

[ Manual Exploration ]

[ Multi-step Operation ]

Various URL Analysis Techniques for Accurate Web Application Exploration

- URL link extraction through HTML analysis

- Navigation features for exploring sites that use newer technologies such as JavaScript, Session Storage, RIA, single-page applications (SPA), or AngularJS

- Page structure (DOM) filtering functionality to appropriately explore URLs and optimize scanning

- Control functions for URL extraction based on duplicate paths, depth limits, and a limit on the total number of pages visited

[ Scan Configuration Exploration Options ]

[ Regular Vulnerability Updates ]

[ Industry Standard, Compliance Report Templates ]


Expected Benefits

Without policies for, and an understanding of, security in software development, enterprises are always exposed to the risk of security incidents.
Providing security testing that can be verified at every stage addresses application vulnerabilities and fundamentally resolves security issues, delivering highly reliable services.

Before Implementation

Management

- Domestic and international compliance requirements

- Risk of security incidents

Security Manager

- Absence of secure development process

- Absence of internal standard security evaluation criteria

- Reliance on limited security personnel

- Methods to resolve vulnerabilities through collaboration with development teams

- Inefficiency of continuous inspection (cost, personnel, time)

Development Team

- Lack of security knowledge and information

- Absence of secure code standards

- Absence of security evaluation criteria

- Security inspection limitations across development environments

After Implementation

Management

- Domestic and international compliance capability

- Minimized security incident risk

Security Manager

- Established secure development process system

- Established internal standard security evaluation criteria

- Efficient security personnel operation

- Vulnerability response without development team collaboration

- Minimized cost, personnel, and time consumption for continuous inspection

Development Team

- Provision of security knowledge and information

- Provision of secure code standards

- Provision of security evaluation criteria

- Security inspection capability across development environments

Operational Efficiency

- Moves beyond setups that rely on groups of security experts and builds a smooth inspection framework.

- Once familiar with the inspection methods, even users without specialized security knowledge can perform automated vulnerability tests that mimic hacker techniques.

- Detailed settings can be configured in the inspection tool for each web application the client owns and then distributed, so that other users perform inspections according to the same criteria.

Enhanced Visibility for Security and Regulatory Compliance

- Integration with HCL AppScan Enterprise Report Console enables visibility of enterprise-wide risks and continuous updates on remediation progress.

- The inspection tool provides over 40 immediately available industry standard and security compliance report templates including OWASP, SANS/CWE, ISO 27001, ISO 27002, PCI DSS, PA-DSS, and Basel II, allowing inspection results to be generated and verified based on these templates at any time.