Home
AppScan Presence
An AppScan Presence on your server enables you to scan sites not accessible from the Internet, and to incorporate scanning as part of your functional testing.
Legacy AppScan Presence
This section describes the legacy version of the AppScan Presence, V1. This version will be supported only until October 1, 2022.

AppScan Presence
An AppScan Presence on your server enables you to scan sites not accessible from the Internet, and to incorporate scanning as part of your functional testing.
- System requirements
- Creating the Presence
  For private web apps, or for including a scan as part of your functional testing procedure, you must create an AppScan Presence, with access to the web app or back-end server, and to the Internet. Proxy connections are supported.
- Starting the Presence
- Configuring Private Site Server proxy
  If your private network requires the Private Site Server to use a proxy to connect with the web app or back-end server (internal proxy), or with the Internet (outgoing proxy), configure it as follows.
- Configuring a PAC file
  If a proxy auto-config (PAC) file is required in order to reach the various domains in your site, configure the AppScan Presence as follows.
- Renewing the Presence key
  When you originally download the presence, it includes a key to activate it. When that key expires, you must replace it with a valid key.
- Log files
- Upgrading to the new AppScan Presence
  If you already have a V1 AppScan Presence installed and you want to upgrade to V2, follow these instructions.
- Legacy AppScan Presence
  This section describes the legacy version of the AppScan Presence, V1. This version will be supported only until October 1, 2022.
  - System requirements for the legacy Presence
  - Creating the legacy Presence
    For private web apps, or for including a scan as part of your functional testing procedure, you must create an AppScan Presence, with access to the web app or back-end server, and to the Internet. Proxy connections are supported.
  - Starting the legacy Presence
  - Activating the Proxy Server
    To use the Proxy Server in the AppScan Presence, you must activate it, and configure the port.
  - Using the Proxy Server
    You can use the AppScan Presence Proxy Server to record traffic, save it as a DAST.CONFIG file, and import it to run an ASoC scan. You can optionally encrypt this file, as described in a sub-section below.
  - Configuring Private Site Server proxy (legacy Presence)
    If your private network requires the Private Site Server to use a proxy to connect with the web app or back-end server (internal proxy), or with the Internet (outgoing proxy), configure it as follows.
  - Configuring a PAC file (legacy Presence)
    If a proxy auto-config (PAC) file is required in order to reach the various domains in your site, configure the AppScan Presence as follows.
  - Renewing the Presence key (legacy Presence)
    When you originally download the presence, it includes a key to activate it. When that key expires, you must replace it with a valid key.

Legacy AppScan Presence

This section describes the legacy version of the AppScan Presence, V1. This version will be supported only until October 1, 2022.

The legacy AppScan Presence (V1) includes two components, a Private Site Server for scanning private sites, and a Proxy Server for incorporating scanning as part of your own functional testing. You should use this version if you require the DAST proxy, otherwise you are encouraged to download and use the current Presence (V2).

Private Site Server: For web apps that are not accessible from the Internet you must create an AppScan Presence, with access to the web app or back-end server, and to the Internet, to be able to scan. Then follow the regular instructions for dynamic scanning. Proxy connections are supported.
Proxy Server: In the world of DevOps it's increasingly important to be able to incorporate security scans in the functional testing process for your web apps. If you use an automation framework (such as Selenium), you can take advantage of the scripts that are already written to create tailor-made scans. The requests from the automation framework to the web app are sent through the Proxy Server proxy. The server records the traffic and saves it as a .config file. You then upload the file to be used by Application Security on Cloud as Explore data for a scan. You can also send traffic through the automation server proxy manually, to create a .config file.

See also: