Known issues and workarounds

These are known issues and their workarounds.

Table 1. Known issues and workarounds
Issue: Documentation update for this release is done in English only.
Workaround: Translation update into additional languages is deferred to a subsequent release.

Issue: Knowledge Center (KC) is updated with all the changes but product inline help is not updated in this release.
Workaround: NA

Issue: If the extended log file size is large (beyond 2GB), sometimes the download log file operation from the Scan tab summary report might result in a 0KB zip file.
Workaround: In such instances, copy the file from the Logs directory in the AppScan Enterprise Agent server.

Issue: Removal of OWASP 2013 and support for OWASP 2017 Report: All report packs and report pack templates created prior to 9.0.3.9 will have the OWASP 2013 report.
Workaround: If required, the user must manually remove the OWASP 2013 report pack and add the new OWASP 2017 report.

Issue: When you edit a scan in the Dynamic Analysis Configuration Client, ensure that the scan you are editing is not running in AppScan Enterprise; otherwise it might suspend the job when you update the scan.
Workaround: On the Job Properties page of the Client, clear the Run job as soon as possible check box and then click Update Job.

Issue: Rendering Dojo functionality.
Workaround: Use Microsoft Silverlight with Internet Explorer 8.0 to properly render Dojo functionality.

Issue: When a scan job has only the recorded login (no Manual Explore or Starting URLs), the scan will not crawl below that page.
Workaround: Add at least one URL to the Manual Explore or starting URL of the What to Scan page.

Issue: If you upgrade a database from pre-8.8, and then click any existing job, the scan log will be empty.
Workaround: Run your jobs again to generate a new scan log.

Issue: When editing the Edit Application Profile Template page in IE 8/9, changes are not saved.
Workaround: Navigate away from the field you are editing, return to the page, and save your changes. Alternatively, upgrade the browser to Internet Explorer 11 or Firefox 24.

Issue: JavaScript Analyzer (JSA) is turned off by default on scans, including upgraded scans.
Workaround: Enable JSA on the Security page of your content scan job.

Issue: For performance improvements on upgrading to 8.6.0.2, security tests are no longer sent against non-applicable content such as image files, documents, media files, etc.
Workaround: For more information on the performance improvement, refer to http://www.ibm.com/support/docview.wss?uid=swg21618288.

Issue: There is a risk of performance degradation and false negative results when a firewall is deployed between the Agents and the website being scanned.
Workaround: AppScan Enterprise Server sends security tests that some firewall products could flag as suspicious network activity.

Issue: If the user-defined normalization rules result in an empty URL string, there is a risk of the scan not ending.
Workaround: When normalization rules are defined within the Job Properties, it is important to ensure that they result in a valid URL.

Issue: If Issue Management has been done on the reports, the Report Pack Summary report will be out of synchronization with the report data.
Workaround: The Report Pack must be re-run to synchronize the numbers when Issue Management tasks are completed.

Issue: Deleted reports are not immediately removed from the dashboard.
Workaround: The dashboard must be re-run for the change to take effect.

Issue: Connectivity issues and/or performance degradation may occur when using Manual Explore functionality in Internet Explorer.
Workaround: When using Manual Explore functionality in Internet Explorer, it is advised to enable the Internet/Advanced option for Use HTTP 1.1 through proxy connections.

Issue: When sorting lists, the collation order may not work as expected for Danish, Japanese, and Chinese languages.
Workaround: .NET and SQL collations are used, as are locale-specific collations, but the product does not comply with ICU.

Issue: Running the config wizard of ASE 9.0.3.12 (after the upgrading security rules steps) gives the following error message:

Unable to start Liberty server. Details: TRAS0038E: The system could not delete file \IBM\AppScan Enterprise\Liberty\usr\servers\ase\logs\trace.log

This error message occurs only when ASE is being upgraded from a 9.0.3.x version to 9.0.3.12 with the Liberty trace log enabled (i.e., with the debug log enabled from the Admin tab in the UI).

Solution

  • Before upgrading to 9.0.3.12, check in the existing ASE UI (Admin tab > General setting > Log setting > edit) whether logging is enabled. If it is, disable logging from the Admin tab.
  • Navigate to ‘ASE installation directory’\HCL\AppScan Enterprise\Liberty\usr\servers\ase\logs\
  • Delete all the log files whose names start with “trace” in the above directory.
  • Perform the ASE upgrade. The issue should not be encountered again.
  • If the issue is encountered while running the config wizard, close the config wizard.
    • Go to ‘ASE installation directory’\HCL\AppScan Enterprise\Liberty\usr\servers\ase\logs\
    • Delete all the log files whose names start with “trace” in the above directory.
    • Run the config wizard from the beginning. It should resolve the issue.
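
The trace-log cleanup steps above as a script. This is an added example, not part of the product or its documentation. The -InstallRoot parameter stands for the ‘ASE installation directory’ and must be supplied by you, and the exclusive-open check is this example's own way of reporting files that another process still holds, not a cause the page states.

```powershell
# Added example: delete Liberty trace logs before (re)running the config wizard.
# Close the config wizard first, as the steps above say.
# -InstallRoot is the 'ASE installation directory'; no default is assumed here.
param(
    [Parameter(Mandatory = $true)]
    [string]$InstallRoot
)

# Path below the installation directory, as given in the steps above.
$logDir = Join-Path $InstallRoot 'HCL\AppScan Enterprise\Liberty\usr\servers\ase\logs'
if (-not (Test-Path -LiteralPath $logDir -PathType Container)) {
    throw "Log directory not found: $logDir"
}

# Only files whose names start with "trace" are touched.
$traceFiles = @(Get-ChildItem -LiteralPath $logDir -File -Filter 'trace*')
if ($traceFiles.Count -eq 0) {
    Write-Output "No trace log files found in $logDir"
    return
}

$failed = @()
foreach ($file in $traceFiles) {
    try {
        # An exclusive open throws if another process still has the file open,
        # so a held file is reported by name instead of failing later.
        $stream = [System.IO.File]::Open(
            $file.FullName,
            [System.IO.FileMode]::Open,
            [System.IO.FileAccess]::ReadWrite,
            [System.IO.FileShare]::None)
        $stream.Close()

        Remove-Item -LiteralPath $file.FullName -Force -ErrorAction Stop
        Write-Output "Deleted $($file.Name)"
    }
    catch {
        $failed += $file.FullName
        Write-Warning "Could not delete $($file.Name): $($_.Exception.Message)"
    }
}

if ($failed.Count -gt 0) {
    Write-Error "$($failed.Count) trace log file(s) remain; stop whatever holds them and run again."
    exit 1
}
Write-Output "All trace log files removed from $logDir"
```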

Issue: ADAC job blackout does not work for jobs created before 9.0.3.11 until an edit and save is performed on the job.

Root Cause: There was an issue in the application where the starting URL was not being updated in the ASE database for an ADAC job. Because blackout reads the domain from the ASE database, blackout did not work for ADAC jobs. The starting URL is stored within the dast.config file, so existing jobs have to be manually edited and saved for the URL to be stored in the ASE database.

Workaround:

  1. Edit an ADAC job (created before 9.0.3.11).
  2. Perform an update of the job.
  3. Blackout should work as configured (similarly to a Content Scan job).

Issue: Search using StartingURL for the REST API get /jobs/search API works only for scan jobs created in and after the 9.0.3.11 release.
Workaround: NA