We are hosting two web applications on Azure Cloud and utilizing Kubernetes for orchestration. Both applications are deployed using Docker containers and are performing security scans with HCL AppScan. However, we’ve encountered an issue where Application 2 seems to be penetrable during the scan, whereas Application 1 does not Here are the details for both applications: Application 1: Frontend: React (with NPM) Backend: Python (Flask) Database: MySQL Deployment: Docker container orchestrated with Kubernetes Application 2: Frontend: Angular (with NPM) Backend: Java (possibly Spring Boot) Database: PostgreSQL Deployment: Docker container orchestrated with Kubernetes AS of now , we do not have firewall enabled , we use NSGs and have whitelisted the port numbers of the VAPT vendor . The HCL app scanner can scrawl thru the application 2 but not applicaiton 1. We are doing VAPT tests for our application ,hence would need help on this . Please guide.

HCL app scanner tool unable to access our web application

chitra manju 60

We are hosting two web applications on Azure Cloud and utilizing Kubernetes for orchestration. Both applications are deployed using Docker containers and are performing security scans with HCL AppScan. However, we’ve encountered an issue where Application 2 seems to be penetrable during the scan, whereas Application 1 does not

Here are the details for both applications:

Application 1:
- Frontend: React (with NPM)
  - Backend: Python (Flask)
    - Database: MySQL
      - Deployment: Docker container orchestrated with Kubernetes
      - Application 2:
        
        Frontend: Angular (with NPM)
        
        Backend: Java (possibly Spring Boot)
        
        Database: PostgreSQL
        
        Deployment: Docker container orchestrated with Kubernetes

AS of now , we do not have firewall enabled , we use NSGs and have whitelisted the port numbers of the VAPT vendor .

The HCL app scanner can scrawl thru the application 2 but not applicaiton 1. We are doing VAPT tests for our application ,hence would need help on this .

Please guide.

Markapuram Sudheer Reddy 515 Reputation points Microsoft Vendor

2025-02-05T17:13:04.1433333+00:00

Hi chitra manju ,

Thank You for reaching out to Microsoft Q&A forum.

Ensure that Application1 configured with HCL App Scan doesn't have endpoint configuration issues.

Please verify the pre-defined policies configured with the Application1 for a scan and also please verify the custom polices in detail if they are applied.

If your application has a login credentials, provide credentials in scan configuration, so that after login into application only scan starts.

Please check below documents for more information:

https://help.hcl-software.com/appscan/ASoC/asd_scanning_CM.html

https://help.hcl-software.com/appscan/Enterprise/10.7.0/topics/c_best_practices_scan.html

https://help.hcl-software.com/appscan/Standard/9.0.3/en-US/t_InSessionProblemsWorklflow.html

If the information is helpful, please click on "Upvote"

If you have any queries, please do let us know, we will help you.
Markapuram Sudheer Reddy 515 Reputation points Microsoft Vendor

2025-02-07T03:54:06.53+00:00

Hi chitra manju,

I just wanted to check, if you found time to see my response. If the information is helpful, please click on "Upvote"

If you have any queries, please do let us know, we will help you.

Share via

HCL app scanner tool unable to access our web application

Your answer