AppScan Standard

Key Features

• Data Import:

  • Import applications, scan summaries, and application-vulnerable items into your Centraleyezer instance either on-demand or based on pre-configured automated schedules.

  • Supported formats: XML.

• Detailed Findings:

  • Complete request/response information for DAST vulnerabilities is provided by Centraleyezer.

• Risk Scoring:

  • Configurable severity value for HCL AppScan Standard (DAST findings) assessments, which can be adjusted based on organizational risk policies.

• Selective Data Import:

  • Supports configuration filters based on status, scan type, and severity for selective data import.

Considerations

• The plugin supports mapping one HCL AppScan Standard Server with one Centraleyezer instance. Configuring a different AppScan Standard Server in the plugin will overwrite previously imported data.

Requirements

System Requirements

Centraleyezer Prerequisites:

• Latest version of the Centraleyezer Vulnerability Management Platform is recommended.

AppScan Standard Prerequisites:

• HCL AppScan Standard version 9.0.3 or newer.

Permissions and Roles

• HCL AppScan Standard user access for DAST scan information.

• Permissions must be assigned to “admin” for import mappings.

Release Notes

Version 1.0.0

• Mapped vulnerabilities from HCL AppScan during DAST scans with the following fields:

  • Name: IssueType

  • CVE: Cve

  • CVSS: Cvss

  • CWE: Cwe

  • Asset: Constructed from scheme, domain, and path.

  • Severity: Severity

  • CVSS3 Score: cvss3_score

  • Protocol: protocol (defaults to ‘N/A’ if not specified)

  • Port: Port (defaults to 0 if not specified)

  • Targets: Includes location, element type, and element details.

  • Import Vulnerability ID: IssueTypeId

  • Permissions: Required to access import mappings.