HCL has announced a major update to its automated application security testing and management tool. AppScan 10 is designed to provide faster and more accurate security scans, secure DevOps and help enterprises manage application security problems.
“AppScan V10 is another example of HCL Software’s commitment to unlocking new value in a battle-tested product that thousands of customers count on. Every day, it’s used to detect and remediate vulnerabilities, and comply with regulations and security best practices,” said Darren Oberst, CVP and head of HCL Software.
According to Eitan Worcel, product manager at AppScan, a lot of work has been done in making people understand they can use AppScan as part of their DevOps initiatives. AppScan is designed to secure apps with little or no disruption to development. The new DevOps capabilities include Interactive Application Security Testing, designed to help teams expand testing beyond Static Application Security Testing, Dynamic Application Security Testing and Software Composition Analysis. In addition, AppScan 10 features out-of-the-box integrations into DevOps toolchains and AppScan CodeSweep, a new community edition plugin for finding vulnerabilities during development.
In order to provide more accurate scans, the latest version also adds artificial intelligence capabilities and can increase test coverage while reducing false positives with AppScan Source.
The company is also introducing the concept of BYOL (Bring Your Own Language) with this release. According to Worcel, BYOL will allow users and partners to expand the support for new languages.
In addition, AppScan 10 will be able to identify parts of the application that were changed since the last scan and test only those changes, so testing can be sped up.
For enterprise management, the latest release features the ability to prioritize vulnerabilities based on business risk, scale security to development teams, and measure and optimize development and security remediation with HCL UrbanCode Velocity.
“We wanted to make sure the technology we had was better suited for developers,” said Worcel. “We aren’t a ‘feel good’ tool that allows you to say you are doing app security by using minimal pattern-based testing. We want to provide real security value.”