Multi-Step Operations

Multi-Step Operations view of the Configuration dialog box is for testing parts of the site that can only be reached by clicking links in a specific order.

This view is used when parts of the application can only be reached by sending requests in a specific order.

Consider, for example, an online shop where the user visits pages in the following order:

Page 1: User adds one or more items to a shopping cart

Page 2: User fills in payment and shipping details

Page 3: User receives confirmation that the order is complete

Page 2 can be reached only via Page 1. Page 3 can be reached only via Page 1 followed by Page 2. This is a sequence. In order to be able to test Pages 2 and 3, AppScan® must send the correct sequence of HTTP requests before each test.

In the case of the above example you would record a single sequence: Page 1 > Page 2 > Page 3. AppScan® would extract the necessary sub-sequences from this sequence, as required. (When testing Page 2 it would send a Page 1 request first; when testing Page 3, it would send Page 1 followed by Page 2.)

Note: It is suggested that the number of multi-step operations be limited to five, with no more than 25 steps in any one operation, and no more than 70 steps altogether.
Note: Configuring multi-step operations should not be mistaken for manual exploring, and should only be used in cases like the one described above. For more details see Manual Explore


Setting Details

Record

Click to record a new sequence.

For applications, see Using a browser

For web services see Using an external client

export button | import button | minus button

Export a sequence (as an SEQ file) for use with a different scan; import a sequence (SEQ file) exported from a different scan; delete the selected sequence from the current scan.

Playback Method

When you record a multi-step operation, AppScan records both the actions and the requests. You can select which of them will be used for the scan:
Request-based playback
Sends the raw HTTP requests from the recording. This method is usually faster.
Action-based playback
Replays the clicks and keystrokes of the user. Reasons for selecting this method could be that the site includes a lot of JavaScript, or that some of the requests in the request-based playback were marked with a red X when you attempted to validate them. This method can increase scan time.
Request-based playback is the default method.
Note: If the scan is configured not to use a browser other than the embedded browser (Tools > Options > Use external browser), request-based playback is always used.
Note: If you load a sequence that was recorded in a version of AppScan that did not support action-based playback, request-based playback is used for that sequence, even if action-based playback is selected.

Sequence Name

The name of the sequence that is selected in the List of Sequences.

The check box next to each name indicates if the sequence is enabled for this scan.

Sequence

Shows the links in the selected sequence.
  • Click Validate to check that the sequence is valid. AppScan replays the sequence, and any requests that receive a response different to the original response are marked with a red X, indicating that they will not be tested.
    Note: A common reason for requests receiving a different response is the presence of a dynamic sequence variable that needs to be defined, see Sequence variables
  • View any link in the sequence by selecting it and then clicking the browser button
  • Delete any link in the sequence by selecting it and clicking minus button. After doing this click Validate to check that the sequence still keeps in-session.
  • Right-click on one or more of the steps in the Sequence pane and select Don't Test. They will still be included when playing the sequence, but will not be tested individually.

Allow play optimization

(Request-based playback only) When selected (default) AppScan® attempts to optimize scan time by avoiding unnecessary playback. You should not disable this setting unless you find that AppScan® is missing parts of the application due to play optimization.

Test in Single-Thread mode

AppScan® may send two or more requests simultaneously, if they don't require the replaying of a sequence between them. If this results in parts of the application being missed, select this check box.

Sequence Variables

Lists variables that were received while recording the sequence(s), and indicates those that AppScan® has determined should be tracked. These may be session IDs or other variables. You can change the status of variables in this list to improve how AppScan® deals with them (for details see Sequence variables).