Importing user-defined tests from AppScan Standard

AppScan® Standard provides a database of thousands of tests. However, if your web application has issues that are specific to it, or if you want to write your own advisories for fixing issues, you can create your own tests. These tests are saved and included in your AppScan database of tests. You can also export them as a *.udt file to import into AppScan Enterprise.

Before you begin

Create and export a *.udt file from AppScan Standard v9.0.3.4.

About this task

Each test looks for one specific issue. For example, one test modifies a path in a request; another test modifies user input to include a character that should be invalid. For each test you can define multiple conditions:
  • Filter: What conditions must be met to run the test.
  • Modification: What are the changes that are made to the request.
  • Validation: What conditions must be met for the test result to be considered positive.

Procedure

  1. Go to Main menu > Administration > User Defined Tests.
  2. Browse to the location of the *.udt file and import it. It appears in the list of tests on the page when the import was successful.
    Note:
    1. Each *.udt file can contain many user-defined tests.
    2. Give each file a unique name to avoid conflicts.

Results

If they are discovered in subsequent content or import scans, user-defined tests appear as Issue Types in the Security Issues report.