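HCL AppScan provides developers, DevOps and security teams with a set of technologies to pinpoint application vulnerabilities, so that they can be remediated quickly at every stage of the software development lifecycle.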
File size: 509.8 MB
HCL AppScan Standard is a penetration-testing component of the HCL AppScan application security testing suite, used to test web applications and services. It features cutting-edge methods and techniques to identify security vulnerabilities and help protect applications from the threat of cyber-attacks.
HCL AppScan Standard is a Dynamic Analysis tool that evaluates application security at runtime by attacking the application with techniques analogous to the methodologies used by hackers. The test results include a rich set of data, ranging from application inventory to detailed attack traffic that can be reproduced for validation and fixing. This data can be examined and processed in the UI or exported in various formats for sharing in other tools.
Beyond the cutting-edge testing facilities, AppScan includes additional capabilities to help you run your testing program as efficiently as possible. Some of these are:
General and regulatory compliance reporting, with over 40 different templates available out-of-the-box
Customization and extensibility through the AppScan eXtension Framework, or by direct integration into existing systems using the AppScan SDK
Built-in optimization mechanism to help focus the test for the most likely issues in the most likely parts of your application
AppScan Standard helps you decrease the risk of web application attacks and data breaches both before site deployment and for ongoing risk assessment in production.
Supported technologies
Some technologies used by your site might affect AppScan’s ability to scan it, while others do not affect the scan at all.
AppScan is a “Black-Box” (DAST) tool, and scans your site using the same mechanisms as a browser. Therefore, in general, server-side technologies that are transparent to a browser are also transparent to AppScan, and do not affect the scan.
Client-side technologies such as JavaScript, and the HTTP protocol itself, do affect AppScan. For successful scanning, AppScan utilizes an actual browser, embedded in the product, to process webpages just like a commercially available browser. This ensures support of all common technologies. Occasionally, additional configuration might be required to help AppScan understand the context of an element for proper processing beyond simple browsing, usually specifically for the Test stage of the scan.
WebSocket login recording and login playback are supported.
