Scan Configuration Dialog Box

About this task

The Scan Configuration dialog box provides many options for configuring your scans. The main options are also available via the Scan Configuration Wizard, but using the dialog box is recommended when you want to change many of the default settings, or tweak an existing configuration.

Procedure

To open the Scan Configuration dialog box, click the Configuration icon on the toolbar (or press F10).

The Scan Configuration dialog box has different views, divided into four groups, that are accessed by clicking the relevant item in the view selection pane, on the left-hand side.

Note: If you stop a scan and change the configuration, changes will not affect requests already sent. To apply changes to the entire scan you must start a new scan.
Tip: You can change configuration options in more than one of the views, and then click OK to save all changes. (Your changes are kept as you navigate between the views, but only saved when you click OK.)

View: Select to configure

Explore

URL and Servers view: Starting URL, system type, and additional servers
Login Management view: Set login method, record a login sequence (optional), and configure in-session detection
Environment Definition view: Provide information about the application environment
Exclude Paths and Files view: Paths and file types to exclude from the scan
Explore Options view: Scan limits, link extraction methods and general Explore method
Parameters and Cookies view: Identify session IDs and list parameters to exclude from the scan
Automatic Form Fill view: Provide AppScan® with valid parameter values for filling forms
Error Pages view: Add strings, regexps and URLs to identify custom error pages
Multi-Step Operations view: Record and manage multi-step operations that are required to reach parts of the application
Content-Based Results view: For applications that do not have a hierarchical URL structure, such as single entry-point applications, define how AppScan arranges the site tree.

Connection

Communication and Proxy view: Configure communication timeout and proxy server settings
HTTP Authentication view: Add server-level authentication and client-side certificates, if required by the application

Test

Test Policy view: Define and edit test policy (which tests are sent to the application)
Test Optimization view: Apply Test Optimization at times in the product lifecycle when a fast scan is more important to you than scan depth.
Test Options view: Additional test options
Privilege Escalation view: Refer AppScan to scans run using different user privileges, to discover privileged resources that are available to users with insufficient privileges
Malware view: Test for malicious links.

General

Scan Expert view: Configure Scan Expert behavior and modules
Advanced Configuration view: Configure advanced scan options