Sequences

Review the list of requests created from the description files (and their parameters), and define "Sequences" of requests that must be sent in a specific order (objects that depend on other objects being created first).

Requests

The Left pane of the Requests tab shows you a list of all requests created from the definition files; for each one its Method and Path. Select any request to see:
  • Upper-right pane: A list of the parameters in the request, with their Name, Type, Location and Value. You can also click the Edit icon to see its Description, and edit its Value, Track the parameter, and Apply the Value change to all similar parameters.
  • Lower-right pane: The raw HTTP request, including headers etc., exactly as it will be sent. You can click the Send button to send the request and see the response in the lower part of the same pane.
  • Exclude a request from the scan by Right-click > Exclude Request. The request appears with a strikethrough. To re-include it right-click again use Right-click > Include request.

Sequences

Correctly constructed sequences, expressing dependencies between objects, are important tools in scanning a web service thoroughly. When a request to create a particular object depends on another object having been created previously, the right sequence of requests must be configured.
To configure a sequence:
  1. In the Requests tab, click on the first request in the sequence to select it.
  2. Click and hold down the Control key, and select the remaining requests in their correct order. Then release the Control key. All requests in the sequence now appear selected.
  3. Enter a name for the sequence in the Name field, and then click Create Sequence.
  4. Click on the Sequences tab to see:
    • Left pane: All configured sequences. Each sequence can be enabled for the scan or disabled to save for another scan, by selecting or clearing the Enabled check box.
    • Upper-right pane: The URLs recorded in the selected sequence. You can use the Up/Down arrows to change the order of the requests, and the Minus button to remove requests from the sequence.
    • Lower-right pane: The list of variables found in the selected sequence. You can right-click a variable to set a dynamic value. For more details See Sequence variables.

Next Step: Parameters