Home
Configuration
You configure a scan by choosing settings that best describe your application, and the kind of testing you want.
Scan Configuration Dialog Box
Login Management view
Show AppScan® how to log in to your application.
Advanced tab
Scan Configuration > Login Management > Advanced tab.

Configuration
You configure a scan by choosing settings that best describe your application, and the kind of testing you want.
- Scan Configuration Wizards
  You can quickly configure basic scans using the wizards.
- Scan Configuration Dialog Box
  - URL and Servers view
    Configure the Starting URL for the svcan, and any additional servers and domains to be included.
  - Login Management view
    Show AppScan® how to log in to your application.
    - Login tab
      Scan Configuration > Login Management > Login tab.
    - Review & Validate tab
      Scan Configuration > Login Management > Review & Validate tab
    - Session IDs tab
      Scan Configuration > Login Management > Session IDs tab.
    - Advanced tab
      Scan Configuration > Login Management > Advanced tab.
  - One-Time Password (OTP) view
    If required by your application, configure AppScan® to use OTP when logging in.
  - Environment Definition view
    Environment definition is not essential, but enables AppScan® to safely refrain from sending non-relevant tests during the scan, resulting in a faster and more accurate scan.
  - Exclude Paths and Files view
    You can configure AppScan to ignore certain paths in the application, or specific types of file.
  - Explore Options view
    Define scan limits, link extraction methods and the general Explore method.
  - Parameters and Cookies view
    Identify session IDs and list parameters to exclude from the scan.
  - Automatic Form Fill view
    Provide AppScan® with valid parameter values for filling forms in your application during the scan.
  - Error Pages view
    Add strings, regular expressions and URLs to identify your application's custom error pages.
  - Multi-Step Operations view
    Record and manage multi-step operations that are required to reach specifica parts of the application that could otherwise be missed.
  - Content-Based Results view
    Define a logical structure for the application tree, if AppScan® will not be able to do this based on URL structure.
  - Communication and Proxy view
    Configure communication timeout and proxy server settings.
  - HTTP Authentication view
    Add server-level authentication and client-side certificates, if required by the application.
  - 3rd Party Authentication view
    3rd Party Authentication view of the Configuration dialog box lets you configure AWS settings.
  - Test Policy view
    Define and edit the collection of tests that will be sent to the application during testing; the test policy.
  - Test Optimization view
    Apply optimization for faster scans at times in the product lifecycle when speed is more important to you than scan depth.
  - Test Options view
    Additional test options.
  - Privilege Escalation view
    Refer AppScan to scans run using different user privileges, to discover privileged resources that may be accessible to users with insufficient privileges.
  - Advanced Configuration view
    This view gives you access to many advanced registry settings and it should only be used by experienced AppScan users, or when instructed to do so by the support team to troubleshoot a problem.
- Scan file structure
  Explains the basic structure of an AppScan Standard SCAN file.
- Scan templates
  A scan template is simply a scan configuration that has been saved so that you can use it again.
- Changing the configuration during a scan

Advanced tab

Scan Configuration > Login Management > Advanced tab.

The Advanced tab of Login Management view is used to advanced login settings and logout page detection.


Setting	Details
Advanced Login Settings	Allow login even if the application is already logged in: To save scan time, AppScan sends multiple login requests without logging out in between. Deselect this check box only if your application does not allow this. Number of failed login attempts before user is locked out: If your application will lock a user out after a certain number of failed login attempts, select this check box and configure the number. AppScan will send valid login requests between failed requests to ensure this threshold is never reached, as further scanning would then be impossible.
Logout Page Detection	AppScan® uses a regexp to identify log out pages. This helps it to scan more efficiently by trying to avoid getting logged out too often, and having to log in again. It is also used to identify logout pages when you configure the scan to not test login/logout pages (see Test Options view), and to logout when needed as a part of some security tests. This is the default regexp: `(logout\|signout\|logoff\|signoff\|exit\|quit\|invalidate)` If any of the indicators in this regexp appear in the URL, AppScan® assumes the page is a logout page, and therefore that it is currently logged in to the application. Note: AppScan may add to this expression when you record a Login procedure, if it identifies additional indicators. You can add further indicators as necessary but be sure to follow the regular expression syntax rules. Note: The Expression Test PowerTool (Tools > Expression Test ) can be useful to verify the syntax of your regular expressions. If you need additional help you may find the following link useful: http://www.regular-expressions.info/quickstart.html