Step 2: Running the scan

About this task

When configuration is complete, you can run the scan.


  1. Select Start a full automatic scan, then click Finish.

    The wizard closes and Scan Expert starts to evaluate the effectiveness of the current configuration for your site. When the evaluation is complete, a checklist of suggested configuration changes appears.

    Note: If there are changes that require user input, their check boxes are grayed out and deselected. To provide the required input for these changes, click the link for that change.
  2. Click Apply Recommendations.

    The selected configuration changes are applied and scan starts. The Progress Panel opens, and Application Data and Issues are updated in real-time.

    During the Explore stage, AppScan crawls your application to discover its pages and content. The Application Data tree is updated as this happens, and eventually shows a complete tree of the site. Then, during the Test stage, AppScan runs thousands of tests on the site and reports the issues found and fix recommendations. During this part of the scan, Security Issues view is selected automatically and the Result List displays a dynamically updated list of discovered issues.

    A scan can have multiple phases (a phase is a cycle of Explore followed by Test). This happens when AppScan discovers new links during the test stage, and needs to a scan, it will create new tests based on these links, and run an additional scan phase. The subsequent phase is usually shorter than the previous one, as only the new links are scanned. AppScan will add phases as long as it finds new URLs, or until it has reached the configured "scan limit". The default limit is four phases.

    When the scan is complete, the Progress Panel closes, and you can review the results (see Step 3: Reviewing Scan Results).