Exclude Paths

Exclude paths and files view of the Configuration dialog box.

You can narrow the scope of the automatic Explore stage by adding URLs (full paths, which may include queries) or regular expressions to the Exclude Paths list. Possible reasons for excluding paths include:

  • They are still under development, you know they are problematic, and you do not want to scan them right now
  • You know they are not problematic and you want to reduce scan time
  • You want to reduce scan time by restricting the scan to certain parts of the application

For any path defined, you can optionally limit the filter to one or more specific parameters. A possible reason for doing this:

  • For megascript applications (applications contained in a URL, and controlled by its parameters) where you want to exclude certain parameters (such as the login or log out parameter) from scans.

There are two types of entry in this table:

  • Exclude: Listed paths are excluded from the scan.

    Any link that matches a path configured to be an exclusion is filtered out of the scan.

    Note: You can also exclude a path by right-clicking on it in the Application Tree, and selecting Exclude from Scan.
  • Exception: Use to include a specific directory within a path that was excluded higher up in the list.
    Note: The Exception function is only needed if you want to include a directory that is within a path that you have excluded. For example, if you have excluded https://demo.testfire.net/bank, you could then add https://demo.testfire.net/bank/transfer.aspx as an Exception, lower down in the list, to include that path in scans.
    Note: If you add Exclusions between the Explore and Test stages of scanning, AppScan® will not test the excluded paths even though they were explored.
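The interaction between Exclude and Exception entries can be checked offline before a scan. The Python below is an added example, not AppScan code: it models the list to show which explored URLs end up untested and which Exceptions have no effect. Assumptions: plain entries match as URL prefixes, regular expressions are searched against the full URL, and the last matching entry in the list decides; the rule list and sample URLs are constructed.

```python
import re

# Constructed rule list modelled on the Exclude Paths table: (type, entry, is_regex).
RULES = [
    ("exclude",   "https://demo.testfire.net/bank", False),
    ("exception", "https://demo.testfire.net/bank/transfer.aspx", False),
    ("exclude",   r"^https://demo\.testfire\.net/admin/.*\.bak$", True),
    ("exception", "https://demo.testfire.net/feedback.aspx", False),  # nothing above excludes it
]

def matches(entry, is_regex, url):
    # Assumption: plain entries match as URL prefixes, regex entries are searched.
    return bool(re.search(entry, url)) if is_regex else url.startswith(entry)

def is_scanned(url, rules=RULES):
    # Assumption: entries apply top to bottom and the last matching entry decides.
    scanned = True
    for kind, entry, is_regex in rules:
        if matches(entry, is_regex, url):
            scanned = (kind == "exception")
    return scanned

def redundant_exceptions(rules=RULES):
    # An Exception is only needed inside a path excluded higher up in the list.
    found = []
    for i, (kind, entry, is_regex) in enumerate(rules):
        if kind != "exception" or is_regex:
            continue
        covered = any(k == "exclude" and matches(e, r, entry) for k, e, r in rules[:i])
        if not covered:
            found.append(entry)
    return found

def out_of_scope(urls, rules=RULES):
    # URLs that will receive no testing; review these as accepted coverage gaps.
    return [u for u in urls if not is_scanned(u, rules)]

# Constructed sample of explored URLs.
SAMPLE_URLS = [
    "https://demo.testfire.net/bank/main.aspx",
    "https://demo.testfire.net/bank/transfer.aspx?amount=10",
    "https://demo.testfire.net/admin/users.bak",
    "https://demo.testfire.net/index.aspx",
]

if __name__ == "__main__":
    print("Not scanned:", out_of_scope(SAMPLE_URLS))
    print("Exceptions with no effect:", redundant_exceptions())
```

Swapping the first two entries leaves transfer.aspx excluded under these assumptions, which is why the Exception belongs lower down in the list than the Exclude it overrides.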

Adding new exclusions or exceptions