How a security scan works

A security scan has two distinct phases: Explore and Test.

Explore phase

When you run a content scan job, the Explore phase begins:

  1. The scan crawls the application as a user would, beginning with the starting URLs you gave it in the job properties. It attempts to find every link in the application that has not been filtered out. Any restrictions on the scan, such as Scan Limits, are applied to the Explore process.
  2. A list of URLs within the application is created.
  3. The URLs are analyzed to provide the information required for conducting the security tests.
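The three Explore steps above, as an added example that is not AppScan code: a minimal crawler over a constructed, in-memory sample site (URL to HTML map) that follows links and forms from the starting URLs, stays within the starting hosts, applies an exclusion filter and a page limit in the spirit of Scan Limits, and records for each URL the parameters a later Test phase would need. The site contents, the `exclude_patterns` and `max_pages` options, and the hostnames `app.example` and `other.example` are all assumptions made for the example.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse, parse_qsl

# Constructed sample application (assumption): URL -> HTML body. Stands in for
# the live application a real Explore phase would request over HTTP.
SAMPLE_SITE = {
    "http://app.example/": '<a href="/login">Login</a>'
                           '<a href="/search?q=test&page=1">Search</a>'
                           '<a href="/logout">Logout</a>',
    "http://app.example/login": '<form action="/login" method="post">'
                                '<input name="user"><input name="pass"></form>',
    "http://app.example/search?q=test&page=1": '<a href="/item?id=7">Item</a>'
                                               '<a href="http://other.example/x">External</a>',
    "http://app.example/item?id=7": '<a href="/">Home</a>',
    "http://app.example/logout": "",
}


class LinkExtractor(HTMLParser):
    """Collects <a href> targets and <form> actions with their input names."""

    def __init__(self):
        super().__init__()
        self.links = []   # href values as written in the page
        self.forms = []   # (action, method, [input names])
        self._form = None

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "a" and a.get("href"):
            self.links.append(a["href"])
        elif tag == "form":
            self._form = [a.get("action", ""), a.get("method", "get").lower(), []]
        elif tag == "input" and self._form is not None and a.get("name"):
            self._form[2].append(a["name"])

    def handle_endtag(self, tag):
        if tag == "form" and self._form is not None:
            self.forms.append(tuple(self._form))
            self._form = None


def _query_params(url):
    """Parameter names carried in the query string, in order of appearance."""
    return [name for name, _ in parse_qsl(urlparse(url).query)]


def explore(start_urls, fetch, exclude_patterns=(), max_pages=100):
    """Step 1-3 of the Explore phase: crawl from start_urls, build the URL list,
    and analyse each entry into (url, method, parameter names).

    fetch(url) returns the HTML body or None when the page is unreachable.
    Only hosts named in start_urls are in scope; substrings in exclude_patterns
    filter URLs out; max_pages caps the number of recorded entries."""
    scope = {urlparse(u).netloc for u in start_urls}
    queue = [{"url": u, "method": "get", "params": _query_params(u)} for u in start_urls]
    seen = set()
    found = []
    while queue and len(found) < max_pages:
        target = queue.pop(0)
        key = (target["url"], target["method"])
        if key in seen:
            continue
        seen.add(key)
        if urlparse(target["url"]).netloc not in scope:
            continue                      # off-host link: not part of the application
        if any(p in target["url"] for p in exclude_patterns):
            continue                      # filtered out by the scan's exclusions
        if target["method"] == "get":
            body = fetch(target["url"])
            if body is None:
                continue                  # unreachable: nothing to record
        else:
            body = ""                     # form submissions are recorded, not crawled, here
        found.append(target)
        extractor = LinkExtractor()
        extractor.feed(body)
        for href in extractor.links:
            abs_url = urljoin(target["url"], href)
            queue.append({"url": abs_url, "method": "get", "params": _query_params(abs_url)})
        for action, method, inputs in extractor.forms:
            abs_url = urljoin(target["url"], action)
            queue.append({"url": abs_url, "method": method,
                          "params": _query_params(abs_url) + inputs})
    return found


if __name__ == "__main__":
    for entry in explore(["http://app.example/"], SAMPLE_SITE.get,
                         exclude_patterns=("/logout",), max_pages=10):
        print(entry["method"].upper(), entry["url"], entry["params"])
```

Running it lists the root page, the login page (twice: the GET page and the POST form with `user` and `pass`), the search page with `q` and `page`, and the item page with `id`; the logout link is filtered out and the external host is skipped as out of scope. The recorded parameter names are exactly the inputs the Test phase would later vary.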

Test phase

The Test phase begins with the results of the Explore analysis. Based on this analysis, AppScan® Enterprise Server creates tests and then:

  1. Sends a fingerprint, which is a special request at the beginning of the scan that informs the webmaster that the next series of requests is for testing the web server against security issues.
  2. Logs in to every URL in the application that requires authentication.
  3. Performs preliminary tests on the URLs, which help interpret results.
  4. Tests URLs by sending requests designed to reveal security issues. It re-sends each request in many variants, approximately 40 per parameter. Some of these requests will be rejected by the server, but many of them will go through and be processed by AppScan® Enterprise Server.
  5. Records the response to each request, available in the About this Issue report. To open the About this Issue report, click the Issue number.
  6. Determines the test results.
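Step 4 is also what the scan looks like from the web server's side: one client re-sending the same URL with the same parameter many times, each time with a different value, with a share of the requests rejected. The following added example (not AppScan code) shows how a defender can recognise that pattern in an access log. It builds a constructed combined-format log inline, with two ordinary requests and a burst of 40 `q=` variants from one client, then flags any (client, path, parameter) triple whose number of distinct values reaches a threshold; the 20-variant threshold, the client addresses and the log contents are assumptions for the example.

```python
import re
from collections import defaultdict
from urllib.parse import urlparse, parse_qsl

# Combined/common log format: client, timestamp, request line, status, size.
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) \S+" (\d{3}) \d+')


def build_sample_log():
    """Constructed log lines (assumption): normal traffic from 203.0.113.5 and a
    Test-phase-style burst from 198.51.100.9 that re-sends /search with 40
    different values of q, every fifth one rejected with a 400."""
    lines = [
        '203.0.113.5 - - [10/Oct/2023:13:55:36 +0000] "GET /search?q=shoes&page=1 HTTP/1.1" 200 512',
        '203.0.113.5 - - [10/Oct/2023:13:55:40 +0000] "GET /item?id=7 HTTP/1.1" 200 800',
    ]
    for i in range(40):
        status = 400 if i % 5 == 0 else 200
        lines.append(
            f'198.51.100.9 - - [10/Oct/2023:14:01:{i % 60:02d} +0000] '
            f'"GET /search?q=variant{i}&page=1 HTTP/1.1" {status} 300'
        )
    return lines


def parse_line(line):
    """Split one log line into client, method, path, query parameters and status."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ip, _ts, method, target, status = m.groups()
    u = urlparse(target)
    return {"ip": ip, "method": method, "path": u.path,
            "params": dict(parse_qsl(u.query)), "status": int(status)}


def find_parameter_fuzzing(lines, min_variants=20):
    """Flag (client, path, parameter) triples that were requested with at least
    min_variants distinct values, and report how many of those requests the
    server rejected with a 4xx status."""
    values = defaultdict(set)    # (ip, path, param) -> distinct values seen
    total = defaultdict(int)     # (ip, path, param) -> requests carrying the param
    rejected = defaultdict(int)  # (ip, path, param) -> requests answered 4xx
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        for name, value in rec["params"].items():
            key = (rec["ip"], rec["path"], name)
            values[key].add(value)
            total[key] += 1
            if 400 <= rec["status"] < 500:
                rejected[key] += 1
    alerts = []
    for (ip, path, name), vals in values.items():
        if len(vals) >= min_variants:
            alerts.append({"ip": ip, "path": path, "param": name,
                           "variants": len(vals),
                           "requests": total[(ip, path, name)],
                           "rejected": rejected[(ip, path, name)]})
    return sorted(alerts, key=lambda a: -a["variants"])


if __name__ == "__main__":
    for alert in find_parameter_fuzzing(build_sample_log()):
        print(f"{alert['ip']} sent {alert['variants']} distinct values of "
              f"{alert['param']} to {alert['path']} "
              f"({alert['rejected']}/{alert['requests']} rejected)")
```

The `page` parameter is never flagged because it keeps the value `1` throughout, which is the point of counting distinct values per parameter rather than raw request counts: an ordinary user paging through results repeats a URL many times without varying a single field 40 ways. The rejected count is a secondary signal that lines up with the page's remark that some test requests are refused by the server.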