Home
Configuring
You configure a scan by choosing settings that best describe your application, and the kind of testing you want.
Scan Configuration Dialog Box
Parameters and Cookies view
Parameters and Cookies view of the Configuration dialog box.
Session IDs
Session IDs within the URL
How to track a Session ID that is embedded in the URL Path.

Configuring
You configure a scan by choosing settings that best describe your application, and the kind of testing you want.
- Scan Configuration Wizards
  You can quickly configure basic scans using the wizards.
- Scan Configuration Dialog Box
  - URL and Servers view
    URL and Servers view of the Scan Configuration dialog box.
  - Login Management view
    Login Management view of the Scan Configuration dialog box.
  - Environment Definition view
    Environment Definition view of the Configuration dialog box.
  - Exclude Paths and Files view
    Exclude Paths and Files view of the Configuration dialog box.
  - Explore Options view
    Explore Options view of the Configuration dialog box.
  - Parameters and Cookies view
    Parameters and Cookies view of the Configuration dialog box.
    - Parameter definition
      You can define parameters, cookies and headers that you want to exclude from being tested during scans.
    - Parameter names
    - Session IDs
      - Session IDs within the URL
        How to track a Session ID that is embedded in the URL Path.
    - Redundancy tuning
      Careful redundancy tuning can significantly reduce scan time.
    - Custom Parameters tab
      The Custom Parameters tab of Parameters and Cookies view in the Configuration dialog box.
    - Custom Header tab
      The Custom Headers tab of Parameters and Cookies view in the Configuration dialog box.
  - Automatic Form Fill view
    Automatic Form Fill view of the Configuration dialog box contains the values used to fill forms in your application.
  - Error Pages view
    Error Pages view of the Configuration dialog box.
  - Multi-Step Operations view
    Multi-Step Operations view of the Configuration dialog box is for testing parts of the site that can only be reached by clicking links in a specific order.
  - Content-Based Results view
    Content-Based view of the Configuration dialog box. You can use this view to define a logical structure for the application tree, if AppScan® will not be able to do this based on URL structure.
  - Communication and Proxy view
    Communication and Proxy (if AppScan needs a proxy to access the tested application) view of the Configuration dialog box.
  - HTTP Authentication view
    HTTP Authentication view of the Configuration dialog box.
  - 3rd Party Authentication view
    3rd Party Authentication view of the Configuration dialog box lets you configure AWS settings.
  - Test Policy view
    Test Policy view of the Configuration dialog box shows details of the current test policy.
  - Test Optimization view
    Test Optimization uses AppScan’s intelligent test filtering to achive faster scans, when speed is needed, with minimal loss of issue coverage. You choose between four optimization levels depending on your needs.
  - Test Options view
    Test Options view of the Configuration dialog box.
  - Privilege Escalation view
    Privilege Escalation view of the Configuration dialog box lets you compare results for different user levels.
  - Scan Expert view
    Scan Expert view of the Scan Configuration dialog box.
  - Advanced Configuration view
    The Advanced Configuration tab of the Scan Configuration dialog box is used to change advanced registry settings that affect specific scans (Scan Configuration > Advanced Configuration tab), and it should only be used by experienced AppScan users, or when instructed to do so by the support team to troubleshoot a problem.
- Scan file structure
  Explains the basic structure of an AppScan Standard SCAN file.
- Scan templates
  A scan template is simply a scan configuration that has been saved so that you can use it again.
- Changing the configuration during a scan

Session IDs within the URL

How to track a Session ID that is embedded in the URL Path.

About this task

If AppScan does not track session IDs correctly it will frequently fall out of session. This section describes how to track a session ID that is embedded in the URL.

Session ID: abc34f3fa135

URL containing session ID: http://domain.name/dir/subdir/abc34f3fa135/anotherdir?param=val

Procedure

Create the rule for recognizing this custom parameter:
1. Open Scan Configuration > Parameters and Cookies > Custom Parameters
2. Click to add a new custom parameter.
3. In the Reference Name field, enter a name for the custom parameter rule.
4. In the Pattern field, enter a regular expression that describes the parameter format. Example: (abc[a-zA-Z0-9]+)
5. Leave Value Group Index and Name Group Index unchanged.
6. In the Location field, select Path.
7. Click OK to save the changes.
Configure AppScan to track this custom parameter:
1. Open Scan Configuration > Parameters and Cookies > Parameters and Cookies
2. Click to add a new parameter.
3. Set the Type to Custom Parameter.
4. Select the Reference Name you assigned in the previous step.
5. Select the Track this parameter during the scan check box.
6. Set Track Type to Login Value or Dynamic Value as appropriate.
7. Click OK to save the changes.
If the recorded login sequence includes a URL that contains this in-path session ID, you must record the login again so that AppScan can track the Session ID.
Run a full Re-Scan or Re-Explore as needed.