Home
Tools
This section explains how to use additional tools provided with HCL AppScan Standard.
User-Defined Tests
Validation
In this step you define the conditions that indicate the test succeeded.

Tools
This section explains how to use additional tools provided with HCL AppScan Standard.
- Options dialog box
  This section describes options you can control, to customize AppScan, from the Options dialog box (Tools > Options).
- Web Services Wizard extension
  This extension lets you scan using Open API description files. It is available from Tools > Extensions > Web Services Wizard (Open API), and the extension is enabled by default.
- Scan Scheduler
- User-Defined Tests
  - User-Defined Test wizard
    The User-Defined Test wizard lets you create user-defined tests for AppScan to use when scanning, in addition to the tests it creates automatically.
  - Test Type
    In this step you define the kind of test you are creating. This affects which wizard steps are displayed.
  - Filter
    In this step you define the conditions which must be met to run this test. Only requests that match the conditions will be tested.
  - Modification
    In this step you define the changes that will be made to the original request, to create the test request.
  - Validation
    In this step you define the conditions that indicate the test succeeded.
  - Advisory
    In the Advisory and Advisory Continue steps, you input the text content of the Advisory that will appear in the scan results and reports. All fields are optional.
  - Completing the wizard
    When you have defined the new test, click Finish to add it to the list.
- PowerTools
  AppScan offers access to five utilities (PowerTools), each providing a specific feature to help you manage your application security or to help you use AppScan.
- Customizing the Tools menu
- Extensions
- Logs
  Logs can help you troubleshooting.
- Searching Results
  You can filter the Result List in any of the views, for specific data.

Validation

In this step you define the conditions that indicate the test succeeded.

Click Add to add another Single or Group filter.
When adding more than one item, you must specify the logical relation between them: All, Any or None.
In most cases the validation is applied to the response to the test request, and this is the default behavior. However in the case of certain vulnerabilities, for example Stored Cross-Site Scripting, the validation must be done on the response to a different request. In that case select the second radio button (Run this validation on the response to the following request), and then define the request.
Tip: For more control over the URL definition, for example if you need to overwrite the body, or specify GET or POST, click Edit Request.

When done, click Next to move to the next step.

Example

For an example, see the Filter step.