Error Pages

Error Pages view of the Configuration dialog box.

When AppScan® encounters a 404 error page in response to a test, it generally marks the test as failed. This is because a 404 response suggests that the site has correctly identified the request as illegal. However, there are instances where the opposite holds true, and the error page indicates a successful result. In both scenarios, it is important to accurately define error pages so that AppScan can appropriately recognize them.

Web applications and servers often use customized or dynamically generated 404 error pages that can be challenging to automatically recognize. While AppScan attempts to identify customized 404 error pages, there may be instances where it fails to do so. If AppScan encounters an error page and is unable to recognize it, it may incorrectly register the result as positive when it should be negative, or vice versa. The Error Pages list, by default, encompasses standard error page definitions, each displaying the location and value.

If your application's error pages are not covered by the definitions in this list, you should add the necessary strings or regular expressions that will enable AppScan® to recognize your error pages within the response content, path or both. By doing this, you can reduce the number of "false positives" in your scan results. There are two ways you can do this:

  • You can define the error page manually before scanning. See Define a new error page.
  • If you have completed the Explore stage, you can set a URL that was discovered as an error page. See Set an error page.

Important: Incorrect error page definitions may cause both "false positive" and "false negative" results. Therefore, when you add or delete error pages after the Test stage of a scan, the scan results must be updated.
  • For tests where the previous definition indicated the success of a test, update the results by clicking Apply changes to current results.
  • For tests where the previous definition indicated the failure of a test, you must re-test.

By following these steps diligently, you contribute to the accuracy of your scan results and minimize the impact of misleading information.
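
The following added example (not AppScan code, and not a description of how AppScan matches internally) illustrates why string or regular-expression definitions on the response content or path matter: a custom error page returned with HTTP 200 is only recognized once a matching definition exists. The class and function names, the sample responses and the two definitions are all constructed for illustration.

```python
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class ErrorPageDef:
    """Hypothetical model of one definition: a location plus a value."""
    location: str           # "content" (response body) or "path" (URL path)
    value: str              # plain string, or a regular expression
    is_regex: bool = False

    def matches(self, path: str, body: str) -> bool:
        target = path if self.location == "path" else body
        if self.is_regex:
            return re.search(self.value, target, re.IGNORECASE) is not None
        return self.value.lower() in target.lower()


def is_error_page(status: int, path: str, body: str, defs) -> bool:
    """Error page = a real 404 status, or any definition matching the response."""
    return status == 404 or any(d.matches(path, body) for d in defs)


# Constructed sample responses: (status, final URL path, body)
SAMPLES = {
    "real_404":   (404, "/admin/backup.zip", "<h1>Not Found</h1>"),
    "soft_404":   (200, "/admin/backup.zip",
                   "<h1>Oops!</h1><p>We couldn't find that page (ref 8841).</p>"),
    "redirected": (200, "/errors/notfound.aspx", "<h1>Sorry</h1>"),
    "real_page":  (200, "/account/profile", "<h1>Your profile</h1>"),
}

# Constructed definitions: one regex on content (the reference number varies
# per request, so a fixed string would miss it) and one plain string on path.
CUSTOM_DEFS = [
    ErrorPageDef("content", r"couldn't find that page \(ref \d+\)", is_regex=True),
    ErrorPageDef("path", "/errors/notfound"),
]


def classify(defs):
    """Return {sample name: recognized as error page?} for the given definitions."""
    return {name: is_error_page(*resp, defs) for name, resp in SAMPLES.items()}


if __name__ == "__main__":
    print("without custom definitions:", classify([]))
    print("with custom definitions:   ", classify(CUSTOM_DEFS))
```

Without the custom definitions, the two HTTP 200 error pages look like ordinary successful responses, which is the situation that produces misleading results; an overly broad definition would have the opposite effect and flag `real_page` as an error page.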