Home
Configuring
You configure a scan by choosing settings that best describe your application, and the kind of testing you want.
Scan Configuration Dialog Box
Parameters and Cookies view
Parameters and Cookies view of the Configuration dialog box.
Redundancy tuning
Careful redundancy tuning can significantly reduce scan time.

Configuring
You configure a scan by choosing settings that best describe your application, and the kind of testing you want.
- Scan Configuration Wizards
  You can quickly configure basic scans using the wizards.
- Scan Configuration Dialog Box
  - URL and Servers view
    URL and Servers view of the Scan Configuration dialog box.
  - Login Management view
    Login Management view of the Scan Configuration dialog box.
  - Environment Definition view
    Environment Definition view of the Configuration dialog box.
  - Exclude Paths and Files view
    Exclude Paths and Files view of the Configuration dialog box.
  - Explore Options view
    Explore Options view of the Configuration dialog box.
  - Parameters and Cookies view
    Parameters and Cookies view of the Configuration dialog box.
    - Parameter definition
      You can define parameters, cookies and headers that you want to exclude from being tested during scans.
    - Parameter names
    - Session IDs
    - Redundancy tuning
      Careful redundancy tuning can significantly reduce scan time.
      - Redundancy tuning options
        Redundancy tuning for parameters and cookies with special attributes, listed in Configuration > Parameters and Cookies.
      - Redundancy tuning defaults
        Redundancy tuning for parameters and cookies with special attributes, listed in Configuration > Parameters and Cookies.
      - Changing redundancy tuning defaults
        The default redundancy tuning setting is applied to all new additions to the list in Configuration > Parameters and Cookies, unless manually changed.
      - Changing redundancy tuning for a specific parameter
    - Custom Parameters tab
      The Custom Parameters tab of Parameters and Cookies view in the Configuration dialog box.
    - Custom Header tab
      The Custom Headers tab of Parameters and Cookies view in the Configuration dialog box.
  - Automatic Form Fill view
    Automatic Form Fill view of the Configuration dialog box contains the values used to fill forms in your application.
  - Error Pages view
    Error Pages view of the Configuration dialog box.
  - Multi-Step Operations view
    Multi-Step Operations view of the Configuration dialog box is for testing parts of the site that can only be reached by clicking links in a specific order.
  - Content-Based Results view
    Content-Based view of the Configuration dialog box. You can use this view to define a logical structure for the application tree, if AppScan® will not be able to do this based on URL structure.
  - Communication and Proxy view
    Communication and Proxy (if AppScan needs a proxy to access the tested application) view of the Configuration dialog box.
  - HTTP Authentication view
    HTTP Authentication view of the Configuration dialog box.
  - 3rd Party Authentication view
    3rd Party Authentication view of the Configuration dialog box lets you configure AWS settings.
  - Test Policy view
    Test Policy view of the Configuration dialog box shows details of the current test policy.
  - Test Optimization view
    Test Optimization uses AppScan’s intelligent test filtering to achive faster scans, when speed is needed, with minimal loss of issue coverage. You choose between four optimization levels depending on your needs.
  - Test Options view
    Test Options view of the Configuration dialog box.
  - Privilege Escalation view
    Privilege Escalation view of the Configuration dialog box lets you compare results for different user levels.
  - Scan Expert view
    Scan Expert view of the Scan Configuration dialog box.
  - Advanced Configuration view
    The Advanced Configuration tab of the Scan Configuration dialog box is used to change advanced registry settings that affect specific scans (Scan Configuration > Advanced Configuration tab), and it should only be used by experienced AppScan users, or when instructed to do so by the support team to troubleshoot a problem.
- Scan file structure
  Explains the basic structure of an AppScan Standard SCAN file.
- Scan templates
  A scan template is simply a scan configuration that has been saved so that you can use it again.
- Changing the configuration during a scan

Redundancy tuning

Careful redundancy tuning can significantly reduce scan time.

AppScan® tries to avoid sending more than one request when it is clear that no new information will be revealed. In many cases a difference in the value of a particular parameter is insignificant, and it is not necessary to send more than one request when all other parameters are the same and only that value is different.

Consider the following two requests:

.../doAction.pl?action=buy&timestamp=14:00&n=1

.../doAction.pl?action=buy&timestamp=15:30&n=1

The only difference between them is their Timestamp value.

In most cases it would be sufficient to send a single request using either of the configurations, and unnecessary to send them both. It is unlikely that the response to one of the requests would reveal any weakness that would not also be revealed by the other. You should therefore configure the Redundancy Tuning settings for the Timestamp parameter so that in cases like this only one of the requests will be sent.

See also:

Redundancy tuning options

Redundancy tuning defaults

Changing redundancy tuning defaults

Changing redundancy tuning for a specific parameter