Incremental scans

An Incremental scan can save time by utilizing the results of an earlier scan (a base scan), and testing either:
  • Only new parts of the application, or
  • New parts of the application and also those parts of the application where a vulnerability was previously found (sending only the tests that revealed the vulnerability).
An Incremental scan runs the explore stage configured for the scan, and compares the explore data to that of the base scan, to identify what is new. This is followed by a test stage that offers the two above two options.
Tip: Incremental scanning can be very useful if you want to run frequent scans, but it is recommended to run full scans from time to time, in case new bugs occur in previously error-free parts of the site.
Note:
  • Incremental Scan support is currently available using the REST API only.
  • Incremental Scan feature is applicable only to scans created through ADAC or AppScan Standard.
  • Incremental Scanning can be used for scans based on automatic explore or recorded traffic.
To run an Incremental scan use the following REST API:
  • post /jobs/{jobId}/actions..
The following three new optional parameters are added to support this feature:
  • isIncremental – Enables a scan to run in Incremental scan mode. (default is FALSE).

  • isRetest – Defines whether or not the scan retests issues found in the base scan. (default is FALSE).
  • baseJobId – Scan ID of the base scan. (default is -1, which indicates current scan).

For more details on the parameters refer to the AppScan Enterprise swagger documentation: https://<host>:<port>/ase/api/pages/apidocs.html.