Scan menu

Used to control the scan.

Command

Click to:

Full Scan

Start a full scan (Explore and Test stages) or continue a paused scan.

Pause

Pause current scan (whether Full Scan, Explore Only or Test Only). You can resume the scan later. You can also save a paused scan to continue at another time.

Re-Scan >

Rerun the current scan or scan stage. Select one of the sub-menu items:
  • Re-Scan Full (Explore + Test): Clear scan results, and run a full scan using the current configuration.
  • Incremental: Clear scan results, run a full Explore stage, and then:
    • Test only new parts of the application, or
    • Test new parts of the application, and resend tests that revealed a vulnerability in the original scan to the parts of the application where the vulnerability was found.
  • Re-Explore: Clear scan results and run an Explore stage only using the current configuration.
  • Re-Test: Clear Test results and run a new Test stage using the current configuration and Explore results.

Explore Only

Run an Explore stage only, without following it with the Test stage.

Manual Explore

Explore your site manually. See Using AppScan

Generic Service Client (GSC) >

Generic Service Client (GSC) can be used to send requests to web services for which you have a WSDL file. The requests sent and the responses received are then used during the Automatic Test stage of the scan. Options are:
  • Open GSC Wizard: Configure a scan based on the web service's WSDL file
  • Launch GSC: Send your requests to the service using the simple interface
  • Download GSC

Test Only

Run a Test stage only (or continue a Test that was paused), without first running an Explore stage. This option is active only when there are already some Explore results.

Test Multi-Step Operations Only

If you have configured one or more Multi-Step Operations (see Multi-Step Operations view), and they constitute a significant subset of your site that you want to scan, you can test those sequences only. For details, see Scan Multi-Step Operations Only.

Note that Scan Expert does not run automatically before this function, even if configured to run before scans. If required, run it separately before Scan Multi-Step Operations Only (Tools > Run Scan Expert Evaluation).

Re-Test Issues Found

This option sends only the tests that revealed issues. This is a quick way of seeing whether issues found in the last scan have been fixed.

Clear All Scan Data

Delete all Explore and Test results, keeping only the Scan Configuration.

Change Host/Scheme/Port

If you have already recorded a login, multi-step operations, and/or a Manual Explore, and the host, scheme or port of your Starting URL then changes, the requests and responses in these recordings must be updated and verified. Click Scan > Change Host/Scheme/Port to open a dialog box in which you can change the URL and have AppScan automatically update, verify and confirm the necessary changes.

The dialog box shows the steps being performed, and indicates when each step is successful. If the update process does not complete successfully, the dialog box indicates which step failed, and gives you the option to save the changes and proceed manually, or undo all changes.

Important: In some cases AppScan may update responses incorrectly, and part or all of the scan will fail. If that happens, you will need to re-record the problematic procedures.

Note: Although Manual Explore data is updated, Automatic Explore data and scan results are deleted when you change the Starting URL.

Note: This option can change only the host, scheme, or port of the Starting URL. If you need to make other changes to the Starting URL, or to change the host, scheme or port of one of the Additional Domains in the scan, you cannot use this option. Instead, save the scan as a template, and use that to create a new scan.

Run Scan Expert Evaluation

Scan Expert evaluates whether the current configuration is optimal for the application being scanned. See Scan Expert.

This option runs a full evaluation: Scan Expert will briefly explore the application, analyze its responses, and suggest changes to the configuration to get the best results.

Run Scan Expert Analysis Only

This option runs only the Analysis stage, and is active only if there are already some scan results on which to base the analysis. Scan Expert will analyze the current results to determine whether the configuration is optimal.

Scan Configuration

Define the properties of a scan. See Scan Configuration Dialog Box.