Advanced login settings

Scan Configuration > Login Management > Advanced tab.

The Advanced tab of the Login Management view is used to configure advanced login settings and logout page detection.

Setting

Details

Advanced Login Settings

Allow login even if the application is already logged in: To save scan time, AppScan sends multiple login requests without logging out in between. Deselect this check box only if your application does not allow this.

Number of failed login attempts before user is locked out: If your application will lock a user out after a certain number of failed login attempts, select this check box and configure the number. AppScan will send valid login requests between failed requests to ensure this threshold is never reached, as further scanning would then be impossible.

Logout Page Detection

AppScan® uses a regexp to identify logout pages. This helps it scan more efficiently by avoiding being logged out too often and having to log in again. The regexp is also used to identify logout pages when you configure the scan not to test login/logout pages (see Test options), and to log out when needed as part of some security tests. This is the default regexp:
(logout|signout|logoff|signoff|exit|quit|invalidate)
If any of the indicators in this regexp appear in the URL, AppScan® assumes the page is a logout page, and therefore that it is currently logged in to the application.
Note: AppScan may add to this expression when you record a Login procedure, if it identifies additional indicators.

You can add further indicators as necessary but be sure to follow the regular expression syntax rules.

Note: The Expression Test PowerTool (Tools > Expression Test) can be useful to verify the syntax of your regular expressions. If you need additional help you may find the following link useful: http://www.regular-expressions.info/quickstart.html
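
An added example (not part of the AppScan documentation or product): a Python check of which URLs from a crawl the logout expression would flag, so that indicators matching inside longer words and logout URLs the expression misses show up before a scan. It assumes the expression is applied as a case-sensitive, unanchored search and uses Python's `re` module as a stand-in for AppScan's regex engine; the sample URLs and the `session/end` indicator are constructed.

```python
import re
from urllib.parse import urlsplit

# Default expression quoted on this page.
DEFAULT_LOGOUT_RE = r"(logout|signout|logoff|signoff|exit|quit|invalidate)"
# Hypothetical extension for an application whose logout URL is /session/end.
EXTENDED_LOGOUT_RE = r"(logout|signout|logoff|signoff|exit|quit|invalidate|session/end)"

# Constructed sample URLs (not from a real application).
SAMPLE_URLS = [
    "https://app.example.test/account/logout",
    "https://app.example.test/hr/flexitime/report",
    "https://app.example.test/cart?action=quit",
    "https://app.example.test/session/end",
]

def classify(url, pattern=DEFAULT_LOGOUT_RE):
    """Return (indicator, component, embedded) for the first hit, else None.

    embedded is True when the indicator sits inside a longer word, which
    usually means the page is not really a logout page.
    """
    parts = urlsplit(url)
    for name, text in (("host", parts.netloc), ("path", parts.path),
                       ("query", parts.query), ("fragment", parts.fragment)):
        m = re.search(pattern, text)  # unanchored: matches anywhere in the text
        if m:
            before = text[m.start() - 1] if m.start() > 0 else ""
            after = text[m.end()] if m.end() < len(text) else ""
            return m.group(0), name, before.isalpha() or after.isalpha()
    return None

def audit(urls, pattern=DEFAULT_LOGOUT_RE):
    """Map each URL to its classification under the given expression."""
    return {u: classify(u, pattern) for u in urls}

if __name__ == "__main__":
    for label, pattern in (("default", DEFAULT_LOGOUT_RE),
                           ("extended", EXTENDED_LOGOUT_RE)):
        print(label)
        for url, hit in audit(SAMPLE_URLS, pattern).items():
            print(f"  {url} -> {hit}")
```

URLs reported with `embedded` set to True are candidates for a more specific indicator, because a page wrongly treated as a logout page is skipped when the scan is configured not to test login/logout pages.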