Configuring Explore Optimization

This dialog box is used to activate and configure the Explore Optimization module.

Apart from activating the module, in most cases you do not need to change any other configurations. Some should not be changed at all without guidance from Support, as indicated below.

This dialog box is opened from Tools > Extensions > Explore Optimization: Configure.

Note: If you make changes to these settings and then create a new scan, all settings will revert to their defaults, except the check box setting.

Name

Description

Checkbox

Run Explore Optimizer automatically during scans

When selected the module runs automatically when you run either Explore Only or a Full Scan, whenever the "Minimum links to start" limit (below) is reached.
Important: This setting applies to all scans. Other settings in this dialog box apply to the current scan only.
Default: Cleared
Note: If you start a scan from the command line interface (CLI), Explore Optimization does not run automatically even if configured.
Note: If your scan configuration includes Manual Explore data or a multi-step operation, Explore Optimization does not run automatically even if configured, though you can run it manually (Tools > Extensions > Explore Optimization Module > Run).
Scan Configuration

Anchor rewrite rules to the right

Consider URLs such as these:

http://...php/1/index
http://...php/2/index
http://...php/3/index

When the module creates the custom parameter:

If this is set to False, the parameter created will be:

php/([^/.]+)

If this is set to True, the parameter created will be:

php/([^/.]+)/index

Default: False

Confidence margin percentage

Change this only if instructed by Support.

Delimiters used in URL rewriting

Add any custom delimiters that your application uses.

Maximum depth for start of line pairs

Change this only if instructed by Support.

Maximum phase time (mins)

Maximum time for a phase of Explore Optimization to run.

Merge rewrite rules to the left

Change this only if instructed by Support.

Minimum links to start module

Minimum number of links in Explore stage data (including unvisited URLs) needed for the Explore Optimization module to start automatically, if the Run Explore Optimizer automatically during scans check box is selected.
Note: Even if this setting is changed, the notice suggesting that you activate the module appears when 1,000 links are reached in the Explore stage.

Default: 1,000

Name/Value pair delimiters

Specify any custom delimiters used by your application.

Navigational parameter names

Partial matches for navigational parameter names, separated by single spaces.

Navigational parameter values

Partial matches for navigational parameter value patterns, separated by single spaces.

Remove unused delimiters

Change this only if instructed by Support.

Default: True

Run navigational parameter detection

When True, the module attempts to identify navigational parameters by name or value. It sets the Redundancy Tuning configuration for these parameters to the strictest level, and reduces the default setting that is applied to all other parameters. This enables AppScan to test navigational parameters more thoroughly than before, while safely treating all non-navigational parameters less thoroughly.

Setting this value to True can greatly improve both accuracy and performance, however you should carefully review the results to make sure that scan coverage was not affected.

Default: False

Switch complexity limit

If a specific folder contains more subfolders than this limit, AppScan will assume that the subfolders are dynamic parameter values and do not require individual scanning.

Note: The value entered here is also used as a threshold value for running Explore Optimization manually. If less links have been discovered than the amount entered here, the module will not run.

Default: 20