Explore with guidance
The Explore with guidance feature lets you crawl specific parts of your application, filling in fields and forms as you go, to "guide" AppScan 360° to those areas, ensuring that they are tested in the DAST scan, and that AppScan 360° has the information needed to complete forms correctly and, if necessary, to browse links in a specific order.
Use Explore with guidance when specific user input is required, or when a site responds only to a different type of tool or device.
You can record the traffic in either of two ways:
- Using the AppScan Activity Recorder (an extension for your Chrome or Edge web browser)
- Using the HCL AppScan Traffic Recorder (may be most suitable in the case of web APIs)
The recorded traffic is saved as a DAST.CONFIG file. You can use the file in one of the following ways:
- As the Explore stage of the scan, so that only the parts of the application it includes are tested
- In addition to an automatic Explore stage, so that AppScan 360° explores the application automatically and tests both your recording and its own explore data
- Use Manual Explore in AppScan Standard, save the result as a SCAN file, and upload the file to AppScan 360° to create a scan. Manual Explore in AppScan Standard corresponds to Explore with guidance in AppScan 360°.
Explore with guidance applies to DAST scans only. Your DAST.CONFIG file is uploaded, and guidance is configured, in the Explore stage of the scan wizard. See DAST scan configuration > Explore step.
For details of how to record the traffic, see Recording traffic.
Multistep explore
Multistep explore is a specific type of guided explore, where you show AppScan 360° not only which links to crawl, but also the specific order in which to crawl them. Use multistep for testing parts of the site that can be reached only by sending requests in a specific order, such as an online shop where the user adds items to a cart before paying for them. For example:
- User adds one or more items to a shopping cart.
- User fills in payment and shipping details.
- User receives confirmation that the order is complete.
You would record a single sequence (DAST.CONFIG) where you browse . AppScan 360° would extract the necessary sub-sequences from this sequence, as required: when testing page two it would send the page one request first; when testing page three, it would send page one followed by page two.
Multiple DAST.CONFIG files
You can upload more than one file for a single scan. If activated, the Multistep setting is applied to all the files, see DAST scan configuration > Explore step.