13 October 2017

AppScan Source

AppScan Source identifies and eliminates vulnerabilities in web and mobile applications

HCL Security AppScan Source saves companies money and reduces risk exposure. This is because the solution identifies source code vulnerabilities in advance. This is done for web and mobile applications in the software development lifecycle so that they can be eliminated before deployment.

These enhanced mobile application analysis capabilities are also supported for the following application tests :

Mobile, native and hybrid web, including JavaScript, HTML5, Cordova, Java and Objective-C.

HCL AppScan Source also provides integration with IBM Worklight Studio and can also scan Worklight applications.

In addition, HCL Security AppScan Source offers the following benefits :

  • More powerful and cost-effective software security through source code analysis.
  • Improved information through integration with existing tools and processes (application development, integration creation, security monitoring).
  • Security best practices through centralised management and enforcement of security policies.
  • Reporting, governance and compliance capabilities to facilitate communication of security status and issues.

More powerful and cost-effective software security

The analysis of the source code allows :

  • Identify vulnerabilities and security flaws in source code during the early stages of the application lifecycle when they are inexpensive to fix.
  • Incorporate automated security into development by integrating source code security analysis and automated analysis into the Continuous Integration process.
  • Analyse, sort and manage security rules. This prioritises the assignment of results to security teams to eliminate vulnerabilities.
  • Perform rapid scans of over one million lines of code per hour and analyse the most complex enterprise applications.
  • Extend security analysis to Android and Apple iOS mobile applications.

Improved information through integration

Integration with existing tools and processes offers :

  • Access to incident tracking systems (DTS), software configuration management and continuous integration tools.
  • Better understanding of security through correlation of static and dynamic analysis results.
  • Supports a wide range of large and complex applications in multiple languages (adding languages is made easy with BYOL).
  • Open architecture to protect your existing investments.

 Best safety practices

Centralized management and enforcement of security policies allows :

  • Defines and enforces consistent policies that can be used across the enterprise.
  • Provides enterprise-level metrics and reporting with a centralized database of policies and assessments.
  • Provides audit and compliance reports that facilitate understanding of threat exposures for executive-level applications.

Reporting, governance and compliance features

The reporting, governance and compliance functionalities allow :

  • Clear visibility of security risks and compliance.
  • Access to over 40 security compliance reports, including PCI DSS (PCI Data Security Standard), PA-DSS (Payment Application Data Security Standard), ISO 27001 and ISO 27002, HIPAA, Gramm-Leach-Bliley Act (GLBA) and Basel II.
  • To have a major focus on mobile application security. This includes a report on the top 10 mobile risks from the Open Web Application Security Project (OWASP).
  • Support for custom report creation. This allows you to align with your organisation’s security best practices.

Legal information

HCL Privacy Policy

AppScan Standard Trial Agreement


Developers ! While coding, scan for vulnerabilities with CodeSweep !

Free download :

HCL AppScan CodeSweep is a free security tool designed for beginners and professionals who need a fast, simple and user-friendly program.

CodeSweep available in the IDE

How does it work ?

HCL AppScan CodeSweep allows developers to write more reliable code. Every time your code is checked in, CodeSweep will :

  • Find vulnerabilities.
  • Inform you about potential security issues and mitigation strategies.
  • Automatically fix your code when possible.


Fix Recommendations – Contextual

Provide remediation in parallel with code changes.

Developers deliver with confidence

Analyse before the Commit, resolve Defects as early as possible and ensure a more secure delivery.

CodeSweep for GitHub

How does it work ?

Add the HCL AppScan CodeSweep action to any GitHub project. Once installed, CodeSweep will :

  • Identify unsafe code in any Pull request.
  • Inform you of potential security issues and mitigations, allowing the team to collaborate on creating a fix.