Request-Based tab

Scan Configuration > Explore Options > Request-Based tab.

In this tab you configure settings that affect Request-Based Explore. This tab is active only if the Request-Based Explore Method is selected in the Main tab.
  • JavaScript™ and Flash options determine whether ADAC should ignore or scan these scripts.
  • Explore Mode determines whether AppScan® explores all links on a page before continuing to the next page, or explores each new link as it is found.
  • WebSphere Portal options configure the client to recognize a specific server encoding and to send a specific user-agent header.
  • Flash determines how Flash content will be treated.
Setting Details
JavaScript
Parse JavaScript code to discover URLs

AppScan will parse JavaScript code as text data to collect links.

Execute JavaScript to discover URLs and dynamic content

AppScan will actually execute JavaScript code and analyze the results to collect links, including dynamic links that may not be discovered by parsing alone. (This utilizes more system resources than parsing.)

Note: This option is now cleared by default, due to the proven efficiency of Action-Based JavaScript Execution.

Execute JavaScript when replaying login

If the application's login page uses JavaScript code, this check box must be selected in order for AppScan to be able to log in during scanning.

Explore Mode
Breadth First (Default)

AppScan explores page by page, exploring all links on one page before continuing to the next.

It is recommended that you do not change the default selection of this option (Breadth First), unless you are aware of limitations in your application that demand that a user visits links in a specific order.

Depth First

AppScan explores link by link, exploring each new link as it is found.

If you change the Explore Mode to Depth First, you must also change AppScan to use only one thread during the Explore (in Configuration > Communication and Proxy view).
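
An added illustration, not AppScan's own code: a small Python model of the two Explore Modes over a constructed site map, showing how the request order differs and why an application that requires links to be visited in a specific order may need Depth First. The site map, the function names and the checkout flow are assumptions made for the example.

```python
from collections import deque

# Constructed site map (not a real application): page -> links in page order.
SITE = {
    "/": ["/login", "/catalog", "/help"],
    "/login": ["/account"],
    "/catalog": ["/item/1", "/item/2"],
    "/help": [],
    "/account": ["/account/orders"],
    "/account/orders": [],
    "/item/1": ["/cart"],
    "/item/2": ["/cart"],
    "/cart": ["/checkout"],
    "/checkout": [],
}

# Hypothetical multi-step flow that the application expects to be walked in order.
CHECKOUT_FLOW = ["/catalog", "/item/1", "/cart", "/checkout"]


def explore_order(site, start, mode):
    """Return pages in the order a single-threaded explore would request them."""
    if mode not in ("breadth", "depth"):
        raise ValueError("mode must be 'breadth' or 'depth'")
    pending, seen, order = deque([start]), set(), []
    while pending:
        # Breadth First takes the oldest pending link, Depth First the newest.
        page = pending.popleft() if mode == "breadth" else pending.pop()
        if page in seen:
            continue
        seen.add(page)
        order.append(page)
        links = site.get(page, [])
        # Depth First pushes links reversed so the first link on a page is followed first.
        pending.extend(links if mode == "breadth" else reversed(links))
    return order


def flow_is_contiguous(order, flow):
    """True if the pages of `flow` are requested back to back, in sequence."""
    if flow[0] not in order:
        return False
    i = order.index(flow[0])
    return order[i:i + len(flow)] == list(flow)


if __name__ == "__main__":
    for mode in ("breadth", "depth"):
        order = explore_order(SITE, "/", mode)
        print(mode, order, "flow contiguous:", flow_is_contiguous(order, CHECKOUT_FLOW))
```
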

WebSphere® Portal

Enable WebSphere Portal scanning

If the site is a WebSphere Portal site, AppScan will need to get URL decoding information from the site for more efficient scanning and to build a useful application tree. To enable decoding, select Enable WebSphere Portal scanning.

If the context root URL does not follow the default format, click Add Context Root URL to add one or more context root URLs.
Tip: If you are not sure what your portal's context root URL is:
  1. On the computer where WebSphere Portal is installed, open the wkplc.properties file in the wp_profile_root/ConfigEngine/properties directory.
  2. The context root value is specified by the WpsContextRoot property.
Tip: When scanning a WebSphere Portal site, it is recommended to use the predefined WebSphere Portal scan template, which is configured for the purpose.
Flash
Parse Flash to discover URLs

AppScan will parse Flash code as text data to collect links.

Execute Flash files to discover potential vulnerabilities

AppScan will actually play Flash files and analyze the results to collect links, including dynamic links that may not be discovered by parsing alone. (This utilizes more system resources than parsing.)

When Flash Execution is selected, three Flash execution limits can also be configured. These are:
  • Depth Limit: The maximum number of "clicks away from the initial screen" that can be clicked before the scanning of any particular Flash movie is stopped and the scan moves on.
  • Click Limit: The maximum total number of clicks that can be made before the scanning of any particular Flash movie is stopped and the scan moves on.
  • Screen Limit: The maximum number of unique Flash states allowed before the scanning of any particular Flash movie is stopped and the scan moves on.