Exploring with GSC

This is an example of a simple workflow for a SOAP web services scan.

Before you begin

To send tests to web services, GSC must be installed on your system. During AppScan installation you were asked whether you wanted to install it. If you did not install GSC then, you can do so at any time by clicking on the GSC_Setup.exe file in your main AppScan® folder.

Procedure

  1. Open the URL and Servers view of the Scan Configuration dialog box, and in the Starting URL field add one of the following:
    • The URL of the WSDL file
    • The path to the WSDL file on your local network, in the form:

      file:///c:/mywsdlfile.wsdl

    Restriction: When the WSDL file is supplied locally, GSC is unable to extract the domain name from the file. Therefore, if you choose the second option, you must provide GSC with the domain name in the Additional Servers and Domains area. For example: demo.testfire.net
  2. If relevant, select the Case Sensitive check box.
  3. Click OK to close the Scan Configuration dialog box.
  4. Click Scan > Explore web Services.

    GSC opens and a tree of the web services appears in the left pane. (Click the icons to expand the tree and see the individual web services.)

  5. Explore the services:
    1. Click on a service in the tree to select it.
      An interface appears in the right pane for sending requests to the service.
    2. In the Message tab in the right pane, type in the value to send.
    3. Click Invoke to send the request.

      The result is displayed in the main pane, and the request is added to the Call History pane at the bottom left of the screen.

    4. Repeat for additional services as required.
  6. When you have sent enough requests, close GSC.

    GSC closes and tests are created based on the data.

  7. To start the scan, click Scan > Test Only.
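
For the restriction in step 1, the endpoint hosts can be read out of a local WSDL file before they are entered in Additional Servers and Domains. The Python script below is an added example, not part of AppScan or GSC; it assumes a WSDL 1.1 document, and the function name endpoint_hosts and the sample WSDL (including the host services.example.com) are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

WSDL_NS = "{http://schemas.xmlsoap.org/wsdl/}"
# WSDL 1.1 binding extension elements that carry the endpoint URL.
ADDRESS_TAGS = {
    "{http://schemas.xmlsoap.org/wsdl/soap/}address",    # SOAP 1.1
    "{http://schemas.xmlsoap.org/wsdl/soap12/}address",  # SOAP 1.2
    "{http://schemas.xmlsoap.org/wsdl/http/}address",    # HTTP binding
}

# Constructed sample, trimmed to the <service> section that matters here.
SAMPLE_WSDL = """
<definitions xmlns="http://schemas.xmlsoap.org/wsdl/"
             xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/"
             xmlns:soap12="http://schemas.xmlsoap.org/wsdl/soap12/">
  <service name="AccountService">
    <port name="AccountSoap">
      <soap:address location="http://demo.testfire.net/account.asmx"/>
    </port>
    <port name="AccountSoap12">
      <soap12:address location="https://services.example.com:8443/account"/>
    </port>
  </service>
</definitions>
"""

def endpoint_hosts(wsdl_text):
    """Return {host: [(service, port, location), ...]} for a WSDL 1.1 document."""
    # ElementTree does not fetch external entities; still, parse only trusted files.
    root = ET.fromstring(wsdl_text)
    hosts = {}
    for service in root.iter(WSDL_NS + "service"):
        for port in service.iter(WSDL_NS + "port"):
            for child in port:
                if child.tag not in ADDRESS_TAGS:
                    continue
                location = child.get("location", "")
                host = urlsplit(location).hostname
                if host:  # skip empty or relative locations
                    hosts.setdefault(host, []).append(
                        (service.get("name"), port.get("name"), location))
    return hosts

if __name__ == "__main__":
    for host, ports in sorted(endpoint_hosts(SAMPLE_WSDL).items()):
        print(host)  # candidate entry for Additional Servers and Domains
        for service, port, location in ports:
            print(f"    {service}/{port} -> {location}")
```

Every host it prints that differs from the one you intend to scan is worth confirming as in scope before it is added to the configuration.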

Results

When the scan is complete, the results are displayed.

Example

See Security Issues