Web Services Wizard extension

This extension lets you scan using Open API description files. It is available from Tools > Extensions > Web Services Wizard (Open API), and the extension is enabled by default.

This AppScan extension supports web service scans based on Open API (v2 and v3) description files (JSON or YAML). The steps below show the wizard workflow. Click the step name to see details for that step.
Note: This extension explores web services only. Any other links are ignored.
Note: Using API keys as HTTP query parameters is not supported.
Table 1. Web Services Configuration workflow

| Step | Step Name | Description |
|------|-----------|-------------|
| 1 | Description Files | Add one or more Open API description files that define the web service. |
| 2 | Domains | Domains found in the description files are added to the list of domains that can be scanned. In this step you can remove any that should not be scanned. |
| 3 | Login Management | Define the login procedure for the web service. |
| 4 | Sequences | Review the requests created from the description files, and their parameters, and create "sequences" of requests that must be sent in a specific order. Important: Correctly constructed sequences of requests are essential to enabling AppScan to create objects that depend on the previous creation of another object. |
| 5 | Parameters | Review all the parameters found in the requests. You can select which parameters are tracked and which are not tracked, and edit their values. |
| 6 | Complete | When configuration is complete, decide whether to start the scan now or later. |

Additional task:

After completing the wizard configuration, you may also need to configure Custom Headers in the main AppScan Configuration dialog box, depending on your service. For details, see Sequence variables.
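A pre-flight check for description files before they are added in step 1, as an added example that is not part of AppScan or its documentation: it lists the domains a file would contribute in step 2 and flags API key security schemes sent as HTTP query parameters, which the note above says are not supported. The function names and sample descriptions are constructed for illustration, and YAML input assumes PyYAML is installed.

```python
import json
from urllib.parse import urlparse

# Constructed sample descriptions (not from any real service).
V2_SAMPLE = """{"swagger": "2.0", "host": "api.example.test:8443",
 "securityDefinitions": {
  "key_in_query": {"type": "apiKey", "in": "query", "name": "api_key"},
  "key_in_header": {"type": "apiKey", "in": "header", "name": "X-API-Key"}}}"""
V3_SAMPLE = """{"openapi": "3.0.3",
 "servers": [{"url": "https://orders.example.test/v1"}, {"url": "/relative"}],
 "components": {"securitySchemes": {
  "token": {"type": "http", "scheme": "bearer"},
  "legacy_key": {"type": "apiKey", "in": "query", "name": "key"}}}}"""

def load_description(text):
    """Parse an Open API description given as JSON or YAML text."""
    try:
        return json.loads(text)
    except json.JSONDecodeError:
        import yaml  # assumption: PyYAML is available; only needed for YAML files
        return yaml.safe_load(text)

def query_api_keys(spec):
    """Names of apiKey security schemes that are passed as query parameters."""
    schemes = dict(spec.get("securityDefinitions") or {})  # Open API v2
    schemes.update((spec.get("components") or {}).get("securitySchemes") or {})  # v3
    return sorted(name for name, s in schemes.items()
                  if isinstance(s, dict)
                  and s.get("type") == "apiKey" and s.get("in") == "query")

def domains(spec):
    """Host names the description file points at (ports and paths dropped)."""
    found = set()
    if spec.get("host"):                      # v2: single "host", may carry a port
        found.add(urlparse("//" + spec["host"]).hostname)
    for server in spec.get("servers") or []:  # v3: list of server URLs
        host = urlparse(server.get("url", "")).hostname
        if host:                              # relative server URLs have no host
            found.add(host)
    return sorted(found)

def preflight(text):
    """Summarise what to review before loading the file into the wizard."""
    spec = load_description(text)
    return {"domains": domains(spec), "query_api_keys": query_api_keys(spec)}

if __name__ == "__main__":
    for label, sample in (("v2", V2_SAMPLE), ("v3", V3_SAMPLE)):
        print(label, preflight(sample))
```

A non-empty `query_api_keys` list means the service authenticates in a way the note above rules out, so the scan's requests to those operations should not be expected to authenticate as the description file specifies.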