Automatic scans

A full automatic scan consists of one or more cycles of an Explore stage followed by a Test stage.

Automatic multiphase scanning

Explore stage

When you begin a full automatic scan, the Explore stage starts first. During this stage AppScan does the following:

  • Crawls the application as a user would, from the starting URL you gave in the scan configuration (see Starting URL and domains), to every URL in the application that has not been excluded.
    Note: Scan Configuration lets you filter the Explore stage (see Exclude paths and files). If you exclude specific paths from it, or set specific Explore limits, these filters are applied to the Explore stage.
  • Builds the Application Tree, a hierarchical model of the URLs in the application.
  • Analyzes the explored URLs and generates tests.

Test stage

During the Test stage, AppScan does the following:

  • Logs in to the application.
  • Performs preliminary tests on the URLs, which help interpret results.
  • Tests URLs by sending requests designed to reveal vulnerabilities.
  • Records the response to each request.
  • Provides test results.

During the Test stage the Security Issues view of the Result List shows the results of the scan.