start portlet menu bar

HCLSoftware: Fueling the Digital+ Economy

Display portlet menu
end portlet menu bar
start portlet menu bar end portlet menu bar
Close
Select Page
Secure DevOps
  | August 5, 2020

ESG Report Validates How HCL AppScan Helps Developers to Continuously Secure Applications

Eitan Worcel
Eitan Worcel
Product Lead, AppScan
ESG Report Validates How HCL AppScan Helps Developers to Continuously Secure Applications

Introduction

In a recent Technical Review of HCL AppScan, analyst firm Enterprise Strategy Group (ESG) evaluated and analyzed how AppScan helps developers to continuously secure applications. ESG also evaluated how AppScan can easily be integrated into CI/CD pipelines and support DevSecOps initiatives, to provide organizations with continuous application security at scale.  

ESG’s Methodology 

To thoroughly evaluate AppScan’s application security testing capabilities, ESG followed the general steps that are outlined below: 

  1. ESG defined and associated security policies with an applicationusing HCL AppScan on Cloud’s user interface.  
  2. Then, ESG associated security policies with the application.  
  3. Next, ESG evaluated AppScan’s scan and analyze capabilities, by integrating AppScan into a DevSecOps toolchain 
  4. After evaluating AppScan’s “scan and analyze” capabilities, ESG created a manual dynamic scan and reviewed scan results using the AppScan console.  
  5. Finally, ESG evaluated AppScan’s reporting capabilities 

AppScan’s Impact on DevSecOps  

ESG found that AppScan integrated into four main aspects of DevSecOps:  apps

  • Policy definition, where security and regulatory professionals define and associate policies with an application.  
  • Scan and analyze, when developers use static analysis to “shift security left,” so that they can identify vulnerabilities in code early in their CI/CD pipelines. Dynamic and interactive testing similarly help developers to identify vulnerabilities in running applications.  
  • Vulnerability Remediation, the process that permits developers to review and fix vulnerabilities. ESG found that AppScan’s machine learning accelerated remediation by grouping and prioritizing related vulnerabilities and by identifying potential fixes and fix locations in source code.  
  • Reporting, a key component of the DevSecOps process, where security and regulatory professionals and organizational management can continuously monitor their security and compliance progress.  

You can review all of ESG’s key findings- including benefits that you can achieve by incorporating AppScan into a DevSecOps model- by downloading the complimentary report now.  

Why Application Security Matters to You  

In the closing “Why This Matters” section of its report, ESG summarized the benefits of an effective Application Security Testing program, which I’ve captured verbatim below:  

Integrating and automating application security testing into the DevSecOps methodology enables the identification and correction of cybersecurity vulnerabilities earlier in the application development lifecycle, which enhances security and increases efficiency. It also helps to alleviate challenges faced by skilled cybersecurity teams, which are often much smaller than development teams, as they try to keep up with the increasing pace DevSecOps demands. 

ESG validated that HCL AppScan simplified and accelerated application security testing. With just a few clicks, ESG defined security policies and configured AppScan to test our application for a set of security vulnerabilities and compliance with benchmarks and regulations. ESG found configuring and running on-demand scans to be just as quick and easy, and results from static and dynamic analysis were presented quickly in a concise and consistent interface. 

To Learn More

In addition to downloading ESG’s complete reportyou can watch my companion video with ESG analyst Dave Gruber, where Dave and I spotlight the elements of a truly state-of-the-art Application Security Testing solution.  

Video image
Comment wrap
Eitan Worcel
Eitan Worcel
Product Lead, AppScan
Eitan Worcel has nearly 15 years of experience in Application Security, both as a developer and as a product manager in AppScan's product suite. He has worked with a wide range of customers, assisting them in their quests to build secure web applications. Eitan now leads HCL AppScan’s product management group, managing technological advancement for one of the most comprehensive application security offerings on the market.
Read more

Topics in this article:

Application SecurityApplication Security TestingAppScanAppSeccontinuous deliveryContinuous IntegrationDevOpsDevSecOps

Submit a Comment

Your email address will not be published. Required fields are marked *

* HCL provides software and services to the U.S. Federal Government through its partner Four, Inc. Please contact Four, Inc. at the U.S. Federal Government contact page.


appscan
Secure DevOps | December 20, 2023
Secure Application Code Against Vulnerabilities Faster with HCL AppScan Fix Groups
Stop in for an update on how HCL AppScan helps find vulnerabilities and security risks, starting with built in AI that dramatically reduces the number of scan findings and practically eliminates false positives.
Uffe Sorensen
Itay Levin
Design Lead for HCL AppScan
appscan
Secure DevOps | December 5, 2023
HCLSoftware Named a Strong Performer in The Forrester Wave™ - Static Application Security Testing, Q3 2023
HCLSoftware has been named a strong performer in The Forrester Wave™ - Static Application Security Testing, Q3 2023 Report. Read the blog to know more.
Uffe Sorensen
Adam Cave
Product Marketing Manager, HCL AppScan
appscan
Secure DevOps | September 7, 2023
HCL AppScan 360º Integrations with Jenkins and Azure DevOps Provides Powerful DevSecOps
Discover how HCL AppScan 360º provides a self-managed application security testing platform for on-prem or private cloud deployment, with integrations for industry-leading CI/CD tools like Jenkins and Azure
Uffe Sorensen
Parimal Sureshagarkhed
Lead Software Engineering
start portlet menu bar end portlet menu bar