Test policy
The AppScan Standard Default Test Policy is used when running scans from the AppScan 360° user interface, but other policies can be applied with imported scans, or scans run from the API.
The number of possible AppScan tests for a site can reach the thousands. Rather than manually filtering this large number of tests and test variants, AppScan Standard lets you set a general policy for the types of test you do or do not want to run on your application.
Predefined test policies
| Policy Name | Description |
|---|---|
| Default | Includes all tests except invasive and port listener tests. |
| Application-Only | Includes all application level tests except invasive and port listener tests. |
| Infrastructure-Only | Includes all infrastructure level tests except invasive and port listener tests. |
| Third-Party-Only | Includes all third-party level tests except invasive and port listener tests. |
| Invasive | Includes all invasive tests (tests which might affect the server's stability). |
| Complete | Includes all AppScan tests. |
| Web Services | Includes all REST and SOAP related tests except invasive and port listener tests. |
| The Vital Few | Includes a selection of tests that have a high probability of success. This can be useful for evaluating a site when time is limited. |
| Developer Essentials | Includes a selection of application tests that have a high probability of success. This can be useful for evaluating a site when time is limited. |
| Production Site | Excludes invasive tests that might damage the site, or tests that might result in Denial of Service to other users. |
See also: Test Optimization FAQ