Parameters and Cookies

Parameters and Cookies view of the Configuration dialog box.

This view is used to manage three main functions:
  • Exclude specific parameters, cookies and headers from scans
  • Control the default treatment of parameters and cookies ("redundancy tuning")
  • Define parameters and cookies that have a special format which ADAC might not recognize on its own
  • Define custom headers

Setting: Parameters and Cookies tab

Description: Lets you view, add, edit and delete global parameters that require non-default treatment.

Your application may have parameters and cookies whose values you do not want AppScan® to manipulate during tests. To make sure that ADAC does not change them, exclude them from tests. For example, your application might lock a user session if certain cookie or parameter values are changed. If you do not exclude these parameters and cookies, ADAC may not be able to complete the scan, because they will lock ADAC out of the application.

During the Explore stage, AppScan® automatically detects cookies and HTML parameters that are likely to be session IDs and adds them to the list in this tab. You can manually add cookies and parameters that you know to be session IDs.

The columns in this tab are defined in the table below.

Note: The Hide/Show template items button lets you filter out items that originated in the scan template, which may not be relevant to the current scan.

See: Parameter definition

Setting: Redundancy Tuning Defaults

Description: This link (at the bottom of the Parameters and Cookies tab) lets you access and edit the default redundancy tuning applied to all parameters, whether discovered by AppScan® or defined by the user.

Note: Changing the specific redundancy tuning of an individual parameter is done as part of Parameter definition.

Changes to the defaults are not applied retroactively to parameters that have already been defined. This must be done manually for each parameter.

See: Redundancy tuning

Setting: Custom Parameters tab

Description: Lets you add, edit and delete parameters with a custom format that ADAC might not otherwise recognize as such.

See: Advanced: Custom Parameters tab

Setting: Custom Headers tab

Description: Lets you define non-standard (custom) HTTP header formats. AppScan® must be able to identify parameters in response content and correctly add them to headers it sends to the site, in order to be able to test the site effectively.

See: Custom Header tab

Parameters and Cookies tab fields

The following table summarizes the fields in this tab.

Heading: Type
Options and description: Parameter / cookie / custom parameter

Heading: Name

Heading: Tracking
Options and description: How to track this parameter/cookie:
  • As a login value
  • As a dynamic value
  • As a fixed value
  • Don't track it at all

Heading: Test Exclude
Options and description: Defines whether or not to exclude this parameter/cookie from testing during the Test stage of the scan.

Heading: Redundancy Tuning
Options and description:
  • Default: The default redundancy tuning is applied to this item
  • Custom: The redundancy tuning for this item is different to the current default

Heading: Source
Options and description: Shows from where ADAC obtained this item:
  • Scan template: Originated in the scan template
  • Login session ID: From the login sequence recorded by the user
  • Multi-step sequence variable: From a sequence recorded by the user
  • Scan Expert [module name]: From the specified Scan Expert module
  • Explore Optimizer: From the Explore Optimizer extension
  • User-defined