HCL AppScan Standard 10.0.7.28150 Full Activated - CyberSecurity Tools
HCL AppScan Standard Full Activatedhttps://i.ibb.co/SymjZT1/HCL-App-Scan-Standard-Full-Activated.jpg
is a Dynamic analysis checking out device designed for protection experts and pen-testers to use whilst acting security assessments on net applications and internet offerings
It runs computerized scans that explore and check internet packages and consists of one of the maximum powerful scanning engines inside the international
Checking out your web programs before deployment and constantly assessing their risks in your manufacturing environment can help save you luxurious web utility security breaches.
New in HCL AppScan Standard 10.0.7New and improved user experience:
[*]New home page to start your scans
[*]Navigation bar on the left of the screen gives you fast access to the main steps in your workflow
[*]Dashboard gathers together essential scan data, and updates in real-time as the scan runs
[*]Issues and Tasks views are consolidated into the new Issues view
[*]Responsive UI design
[*]Redesigned scan log.
[*]Redesigned Options dialog box (Tools > Options)
[*]Select your work preference for light mode or the new dark mode
See highlights of the practical changes here.
[*]
[*]OS Support: Windows Server 2022 (Enterprise and Pro), and Windows 11
[*]TLS 1.3 is supported (for the two new operating systems only)
[*]MFA: Support for TOTP and URL-generated OTP (see Configure OTP)
[*]Export security issues to CSV format (see Export to CSV)
[*]New Industry Standard reports:
[*]"CWE/SANS Top 25 Most Dangerous Errors" has been replaced by "CWE Top 25 Most Dangerous Software Weaknesses 2021"
[*]"OWASP TOP 10 - 2021"
Fixes and security updatesNew security rules in this release include:
[*]attApacheHttpPathTraversalUnix - Path traversal vulnerability in Apache HTTP Server (CVE-2021-41773)
[*]attZencartRemoteCommandExecutionAdns - Authenticated RCE on ZenCart (CVE-2021-3291)
[*]attApacheHttpPathTraversalUnix - Apache HTTP Server Path traversal and RCE (CVE-2021-42013)
[*]attAPIBrokenFunctionLevelAuthorization - API Security Rule on Broken function level authorization (Check with Original request with other HTTP Methods)
[*]attConfluenceRemoteCommandExecutionAdns - Confluence Server Webwork OGNL injection (CVE-2021-26084) using ADNS
[*]attAPIMassAssignment - API Security Rule on Mass Assignment (request with admin parameters/objects and gain access)
[*]attAPILackResourcesRateLimit - API Security Rule on Lack of resources and Rate Limiting (set larger values for the request parameters which puts the server under stress)
[*]attCSRFinGraphQL - Detect CSRF vulnerability in GraphQL endpoints
[*]attCSPInjection - Detect if website is vulnerable to CSP policy injection
[*]attAPIImproperAssetsManagement - API Security Rule on ImproperAssets Management (Request for unexposed paths)
[*]attAPIImproperAssetsManagementDomain - API Security Rule on ImproperAssets Management (Request for unexposed domains)
[*]attbootstrapXSS - Outdated Bootstrap rule detection
For a complete list of fixes, updates, and RFEs in this release see AppScan Standard Fix List.
Removed in this release
[*]Scan Expert
Upcoming changesThe following will be removed in a future release:
[*]The Web Services, The Vital Few, and Developer Essentials test policies will be removed, as similar results can now be achieved using other policies (see here)
[*]The old UI is accessible in this release but will be removed altogether in a future release (see here)
下载链接
链接: https://pan.baidu.com/s/1aRU7iJ_Mx8kmfTnw9mJLqA?pwd=kasa
提取码: kasa
另一个链接
https://www.upload-4ever.com/d4f9w56mxf1t
来源: https://www.Dr-Farfar.com/hcl-appscan-standard/
谢谢
好东西,感谢分享! HCL 应用扫描标准版 10.0.7 中的新增功能
新的和改进的用户体验:
用于开始扫描的新主页
屏幕左侧的导航栏可让您快速访问工作流程中的主要步骤
仪表板收集基本扫描数据,并在扫描运行时实时更新
“问题”和“任务”视图合并到新的“问题”视图中
响应式 UI 设计
重新设计的扫描日志。
“重新设计的选项”对话框(“工具”>选项)
选择浅色模式或新深色模式的工作首选项
在此处查看实际更改的要点。
操作系统支持:Windows Server 2022(Enterprise 和 Pro)和 Windows 11
支持 TLS 1.3(仅适用于两个新操作系统)
MFA:支持 TOTP 和 URL 生成的 OTP(请参阅配置 OTP)
将安全问题导出为 CSV 格式(请参阅导出为 CSV)
新行业标准报告:
“CWE/ SANS前25大最危险的错误”已被“CWE 2021年最危险的25大软件弱点”所取代
“OWASP TOP 10 - 2021”
修补程序和安全更新此版本中的新安全规则包括:
attApacheHttpPathTraversalUnix - Apache HTTP Server 中的路径遍历漏洞 (CVE-2021-41773)
attZencartRemoteCommandExecutionAdns - ZenCart 上的身份验证 RCE (CVE-2021-3291)
attApacheHttpPathTraversalUnix - Apache HTTP Server Path traversal and RCE (CVE-2021-42013)
attAPIBrokenFunctionLevelAuthorification - API 安全规则 on Broken function level authorization(使用其他 HTTP 方法与原始请求一起检查)
attConfluenceRemoteCommandExecutionAdns - Confluence Server Webwork OGNL 注入 (CVE-2021-26084) 使用 ADNS
attAPIMassAssignment - 关于批量分配的 API 安全规则(使用管理参数/对象的请求并获得访问权限)
attAPILackResourcesRateLimit - API 缺乏资源和速率限制的安全规则(为请求参数设置更大的值,使服务器处于压力之下)
attCSRFinGraphQL - 检测 GraphQL 端点中的 CSRF 漏洞
attCSPInjection - 检测网站是否容易受到 CSP 策略注入的攻击
attAPIImproperAssetsManagement - API 关于不当资产管理的安全规则(请求未公开的路径)
attAPIImproperAssetsManagementDomain - API 关于不当资产管理的安全规则(请求未公开的域)
attbootstrapXSS - 过时的引导规则检测
有关此版本中的修复程序、更新和 RFE 的完整列表,请参见 AppScan 标准修订列表。
在此版本中删除
扫描专家
即将发生的更改在将来的版本中删除以下内容:
Web 服务、少数重要内容和 Developer Essentials 测试策略将被删除,因为现在可以使用其他策略实现类似的结果(请参阅此处)
旧 UI 在此版本中可访问,但在将来的版本中将被完全删除(请参阅此处) 好东西,虽然用不上感谢分享!
多谢楼主分享 辛苦楼主,感谢分享。 辛苦楼主,感谢分享。
好东西,楼主威武,感谢分享
页:
[1]