Error Pages

Error Pages view of the Configuration dialog box.

When AppScan® gets a 404 error page in response to a test, it generally records the test as failed, since this response indicates that the site successfully recognized the request as illegal. In some cases the opposite is true, and the error page indicates a successful result. In both cases it is important that error pages are correctly defined so that AppScan® can recognize them as such.

Web applications and servers often use customized or dynamically generated 404 error pages that may be hard to recognize automatically. AppScan® attempts to recognize customized 404 error pages, but in some cases may not succeed in doing so. If it receives a custom error page and does not recognize it as such, it may record the result as positive when in fact it should be negative, or the other way around. By default, the Error Pages list includes standard error page definitions. For each definition, the type and value are shown.

If your application's error pages are not covered by the definitions in this list, you should add the necessary strings, regexps and URLs that will enable AppScan® to recognize your error pages. By doing this you can reduce the number of "false positives" in your scan results. There are two ways you can do this:

Important: Incorrect error page definitions may cause both "false positive" and "false negative" results. Therefore, when you add or delete error pages after the Test stage of a scan, the scan results should be updated.
  • For tests where the previous definition indicated the success of a test, results can be updated by clicking Apply to Current Results.
  • For tests where the previous definition indicated the failure of a test, you must re-test.
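
The effect of a missing definition can be seen in a small model. This is an added example, not AppScan's implementation: only the three definition types (string, regexp, URL) come from the text above, while the matching rules, the definitions and the responses are constructed assumptions.

```python
import re
from dataclasses import dataclass

@dataclass(frozen=True)
class ErrorPageDef:
    kind: str   # "string", "regexp" or "url" (types named on this page)
    value: str

    def matches(self, final_url: str, body: str) -> bool:
        # Matching semantics are assumptions made for this illustration.
        if self.kind == "string":
            return self.value.lower() in body.lower()
        if self.kind == "regexp":
            return re.search(self.value, body, re.IGNORECASE) is not None
        if self.kind == "url":
            # Compare the URL the response was finally served from, minus query.
            return final_url.split("?", 1)[0].rstrip("/") == self.value.rstrip("/")
        raise ValueError(f"unknown definition type: {self.kind}")

def is_error_page(status, final_url, body, definitions):
    """True for a real 404 status or a body/URL that matches any definition."""
    return status == 404 or any(d.matches(final_url, body) for d in definitions)

# Constructed stand-ins for a default list and a list extended for one site.
DEFAULT_DEFS = [
    ErrorPageDef("string", "404 Not Found"),
    ErrorPageDef("regexp", r"page\s+(was\s+)?not\s+found"),
]
CUSTOM_DEFS = DEFAULT_DEFS + [
    ErrorPageDef("regexp", r"we couldn.t find what you were looking for"),
    ErrorPageDef("url", "https://app.example.test/oops"),
]

# Constructed responses: name -> (status, final URL after redirects, body)
RESPONSES = {
    "plain_404": (404, "https://app.example.test/admin.bak", "<h1>404 Not Found</h1>"),
    "soft_404_body": (200, "https://app.example.test/admin.bak",
                      "<p>Sorry, we couldn't find what you were looking for.</p>"),
    "soft_404_redirect": (200, "https://app.example.test/oops?from=/admin.bak",
                          "<p>Something went wrong.</p>"),
    "real_page": (200, "https://app.example.test/login", "<form>Sign in</form>"),
}

def classify(definitions):
    """Map each sample response to whether it is recognized as an error page."""
    return {name: is_error_page(*resp, definitions) for name, resp in RESPONSES.items()}

if __name__ == "__main__":
    print("default:", classify(DEFAULT_DEFS))
    print("custom: ", classify(CUSTOM_DEFS))
```

With the default list, the two 200-status custom error pages go unrecognized, which is the condition under which a test result can be recorded incorrectly; the added regexp and URL definitions catch both without flagging the real page.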