Importing an action-based login file from AppScan Standard

The action-based login capability in AppScan Standard records the user's actual actions in the browser, rather than just the requests, and replays that sequence in the browser. Take advantage of this capability by creating an action-based login in AppScan Standard and importing it into AppScan Enterprise to help avoid out-of-session events during scanning.

About this task

Whenever AppScan detects that it is out-of-session, it replays the login sequence that was recorded. When action-based login is enabled, the scan saves more information than the recorded requests alone, and AppScan reproduces the actual clicks performed by the user each time it logs in. In most cases, this results in:
  • Better identification of session IDs
  • Better execution of JavaScript code
  • Better identification of login credentials

Procedure

  1. In AppScan Standard:
    1. Click Create New Scan in the welcome screen, and clear the Launch Scan Configuration Wizard check box in the New Scan screen.
    2. In the Predefined Templates section of the screen, click Regular Scan.
    3. In the main user interface, click Configuration, and enter a Starting URL that is used when your browser recording begins.
    4. On the Login Management screen, click Record.
    5. Log in to your application with your user name and password, and then close the recording window to complete your login recording.
      Note: Do not sign out before you close the window.
    6. Wait for the analysis of your login to complete, and then select the Details tab. Click Export and save the file.
  2. In AppScan Enterprise (as a Standard User):
    1. On the Login Management page of your job configuration, click Recorded > Add Login Sequences. On the Record Login Sequence page, click Use manual explorer tool or AppScan Standard login sequence file > Browse to where you saved the login file from AppScan Standard. Click Import > Save.
  3. In AppScan Enterprise (as a QuickScan User):
    1. Click Import Traffic on the Setup tab of the QuickScan job.
    2. On the Import Traffic Data page, select an option (or use the default), click Choose File > Import and go to where you saved the login file.
      Tip: If you do not see the Import Traffic button on the page, enable it by clicking your user name to edit your user properties. Make sure that the Use the browser plugin to record URLS in QuickScan instead of importing traffic data file check box is not selected.