Using a browser

For web applications, you can usually use the build-in Chromium browser for manual exploring. Where necessary an external browser can be used.

The AppScan browser opens and you record your actions, links and input data, while you browse through the application. When you stop the recording, AppScan shows you list of the links you crawled, with relevant form filler data that it can now use when exploring or testing the site automatically.

Manual exploring can be done before, instead of, or after the Automatic Explore stage of the scan.
Note: URLs discovered in a Manual Explore are tested individually, just like those found in the Automatic Explore. If you need AppScan to test URLs that it will only be able to access by clicking two or more links in a specific order, you must record a multi-step operation (see Multi-step operations).

Before Automatic Explore

There are several reasons why you might choose to perform a Manual Explore before an Automatic Explore:

  • You want to use the Manual Explore as a way of providing AppScan with data for filling forms, by manually exploring and completing the data as you go.
  • You want to ensure that AppScan tests a speific, important part of the site.
  • You want to scan a specific user process (the URLs, files, and parameters that a user will access given a certain scenario), you can create a manual explore for this process only. This manual explore could be done before you begin a scan.
  • Your application uses JavaScripts or Java applets that reveal certain parts of the application only when states (such as Hover and Mouse Over) follow each other in a specific order. Note that this is not the same as a multi-step operation. For a multi-step operation, AppScan must visit links in a specific order; in this case, once AppScan has the link, it can test it in a single step, like any other link.

After performing the Manual Explore, you can continue with an automatic Explore stage (Explore Only, or Full Scan), so that the scan covers your entire application.

Instead of Automatic Explore

Sometimes you may choose to perform a Manual Explore instead of an Automatic Explore:

  • You want to scan only a small part of the site, and prefer to define the parts to test by manually exploring.

    After manually exploring you can complete your scan by clicking Test Only.

After Automatic Explore

There are two main reasons why you may choose to perform a Manual Explore after an Automatic Explore:

  • Your scan resulted in some URLs being categorized as Interactive (see User Interaction Needed), meaning that AppScan was unable to automatically fill in the required data. You can manually explore these URLs to do this.
    Note: After you do this the URLs are removed from the list of Interactive URLs.
  • Your site includes SWF (Adobe Flash) files. AppScan tests these, if configured (see Explore options view), but if you find it missed certain files, you can identify them for AppScan using Manual Explore. Note that you do not need to explore the movie itself, just click on the SWF file, close Manual Explore, and then rerun Automatic Explore.