Home
Configuration
You configure a scan by choosing settings that best describe your application, and the kind of testing you want.
Scan Configuration Dialog Box
URL and Servers view
Configure the Starting URL for the svcan, and any additional servers and domains to be included.
Limiting scan to the Starting URL folder
You can easily limit a scan to within and below the folder of the Starting URL.

Configuration
You configure a scan by choosing settings that best describe your application, and the kind of testing you want.
- Scan Configuration Wizards
  You can quickly configure basic scans using the wizards.
- Scan Configuration Dialog Box
  - URL and Servers view
    Configure the Starting URL for the svcan, and any additional servers and domains to be included.
    - Limiting scan to the Starting URL folder
      You can easily limit a scan to within and below the folder of the Starting URL.
    - Additional Servers and Domains
      You can include domains other than that of the Starting URL in the scan.
    - Changing the Starting URL host
      You can change the host, scheme, or port in the Starting URL of a configured scan, without re-recording the login, multi-step operations, or manual explore data.
  - Login Management view
    Show AppScan® how to log in to your application.
  - One-Time Password (OTP) view
    If required by your application, configure AppScan® to use OTP when logging in.
  - Environment Definition view
    Environment definition is not essential, but enables AppScan® to safely refrain from sending non-relevant tests during the scan, resulting in a faster and more accurate scan.
  - Exclude Paths and Files view
    You can configure AppScan to ignore certain paths in the application, or specific types of file.
  - Explore Options view
    Define scan limits, link extraction methods and the general Explore method.
  - Parameters and Cookies view
    Identify session IDs and list parameters to exclude from the scan.
  - Automatic Form Fill view
    Provide AppScan® with valid parameter values for filling forms in your application during the scan.
  - Error Pages view
    Add strings, regular expressions and URLs to identify your application's custom error pages.
  - Multi-Step Operations view
    Record and manage multi-step operations that are required to reach specifica parts of the application that could otherwise be missed.
  - Content-Based Results view
    Define a logical structure for the application tree, if AppScan® will not be able to do this based on URL structure.
  - Communication and Proxy view
    Configure communication timeout and proxy server settings.
  - HTTP Authentication view
    Add server-level authentication and client-side certificates, if required by the application.
  - 3rd Party Authentication view
    3rd Party Authentication view of the Configuration dialog box lets you configure AWS settings.
  - Test Policy view
    Define and edit the collection of tests that will be sent to the application during testing; the test policy.
  - Test Optimization view
    Apply optimization for faster scans at times in the product lifecycle when speed is more important to you than scan depth.
  - Test Options view
    Additional test options.
  - Privilege Escalation view
    Refer AppScan to scans run using different user privileges, to discover privileged resources that may be accessible to users with insufficient privileges.
  - Advanced Configuration view
    This view gives you access to many advanced registry settings and it should only be used by experienced AppScan users, or when instructed to do so by the support team to troubleshoot a problem.
- Scan file structure
  Explains the basic structure of an AppScan Standard SCAN file.
- Scan templates
  A scan template is simply a scan configuration that has been saved so that you can use it again.
- Changing the configuration during a scan

Limiting scan to the Starting URL folder

You can easily limit a scan to within and below the folder of the Starting URL.

About this task

The check box under the Starting URL field automatically creates the necessary filters to limit your scan to within and below a particular directory.

Procedure

Open Scan Configuration > URL and Servers.
Type or paste-in the URL of the directory you want to restrict the scan to.
Select the Scan only links in and below this directory check box.
The scan will now be limited to paths under this URL. Links outside this range will not be scanned.

Example

If the Starting URL is defined as http://main/bank/

Links to the following will be scanned:
- http://main/bank/transfer.aspx/
- http://main/bank/transfer/page_1.aspx/
Links to the following will be ignored:
- http://main/transfer.aspx/
- http://main/transfer/page_1.aspx/

When you configure the Starting URL, and select this check box, the following two items are added at the top of the Exclude Paths and Files table (Scan Configuration > Exclude Paths and Files):


Item Type	Path	Matching	Behavior
Exclude (Start URL)	.*	Regular Expression	Always first in the table. Cannot be demoted. Cannot be edited or deleted. However, if the next item (Exception) is deleted, this is deleted too.
Exception (Start URL)	http://main/bank	Full Path	Always second in the table. Cannot be promoted or demoted. Can be edited. (This is to allow for editing the exception in rare cases where AppScan misidentifies the Starting URL directory.) If deleted, the previous item (Exclude) is also deleted, and the Starting URL check box is deselected.

Note: Unlike other exclusions and exceptions, these two have a gray background, indicating their special status.

When the scan starts, and the Application Tree fills in the left pane, links to parts of the application that are not below the Starting URL are shown with a red X, indicating that they were not scanned.

Red X icons in application tree

What to do next

You can verify that the Exception added is correct, or edit it, from Exclude Paths and Files view (see Limiting scan to a specific folder.