Understanding Test Optimization

This section describes how Test Optimization works and how best to incorporate it into your development lifecycle.

How it Works

A full regular AppScan® Enterprise scan typically sends thousands of tests and may take hours, in some cases days, to complete. During the early stages of development, or for a quick overall evaluation of the current security posture of your product, you can use Test Optimization to get the results you need in a shorter time frame.

AppScan’s intelligent test filters are based on statistical analysis, and select tests for the more common, severe and otherwise important vulnerabilities. AppScan updates keep your Test Optimization up-to-date with the latest optimization filters. Using Test Optimization can greatly reduce overall scan time when speed is more important to you than scan depth.

Test Optimization can be activated from both the AppScan Dynamic Analysis Client and API.

FAQs

Q: Does Test Optimization apply to all Test Policies?

A: Yes. Test Optimization filters Test Policies based on our statistical analysis of test results, which is regularly updated.

Q: Does Test Optimization filter out entire tests?

A: Not always. Sometimes it filters out only specific test variants.

Q: Is there any way for me to know exactly which tests, or variants, were filtered out of the Test Policy I selected?

A: This is not currently possible.

Q: Does Test Optimization change other configuration settings, and can I see these changes in the configuration dialog box?

A: Currently, no configuration changes are made. This may change in future AppScan releases, but if it does, the changes made will be indicated.

Q: If it scans faster, why shouldn’t I always use Test Optimization?

A: Test Optimization is great when you need faster results, but it is not as thorough as a full scan. We recommend using optimized scans when speed is important, and backing them up with full scans at regular intervals.

Q: Can I expect the results of two optimized scans on the same site to be identical?

A: Because our team is constantly analyzing and updating the settings, each AppScan update has improved optimization settings. Therefore, even if the site is unchanged, the results may not be identical. However, it is unlikely that a test that revealed an issue in the earlier scan would be filtered out of the later scan.