Scanning sites that use client certificates
AppScan 360° does not currently offer a way to configure a client certificate from the user interface or API, but you can use AppScan Standard 10.6.0 (or later) to do this.
However, there is a limitation. When you save a scan template (SCANT file) in AppScan Standard, the certificate is not saved in the template. Refer to the following procedures to scan sites that use client certificates.
To run a scan through AppScan Connect:
- Configure the scan, including the client certificate, in AppScan Standard 10.6.0 (or later).
- In AppScan Standard, use the AppScan Connect feature to upload the configuration to AppScan 360° and run the scan.
  Note: The certificate is saved in the scan template only when you use AppScan Connect. It is not included if you save directly as a SCANT file.
To run a scan through the API:
- In AppScan Standard, use AppScan Connect to download the SCANT file from AppScan 360° (described above).
- Open the scan in AppScan Standard and save as a SCANT file. The client certificate is included in the file.
- Use the AppScan 360° FileUpload API to upload the SCANT file and get a file ID.
- Use this ID to create the DAST scan using the DynamicAnalyzerWithFile API.