How an automatic scan works

This topic explains the difference between the "stages" and "phases" of a scan.

An AppScan Full Scan consists of two stages: Explore and Test. It is useful to understand the principal behind this, even though most of the scan process is in fact seamless to the user, and little user input is required until the scan is complete.

Explore stage

During the first stage, AppScan explores the site (web application or web service) by simulating a web user clicking on links and completing form fields. This is the Explore stage.

AppScan analyzes the responses to each request it sends, looking for any indication of a potential vulnerability. When AppScan® receives a response that may indicate a security vulnerability, it automatically creates a test (or tests) based on the response, as well as noting the validation rules needed to determine which results constitute vulnerability, and the level of security risk involved.

Before sending the site-specific tests created, AppScan sends several malformed requests to the application to determine the manner in which it generates error responses. This information is then used to increase the precision of AppScan's automatic test validation process.

Test stage

During the second stage, AppScan sends thousands of custom test requests that it created during the Explore stage. It records and analyzes the application's response to each test using the custom validation rules. These rules both identify security problems within the application and also rank their level of security risk.


In practice, the Test stage frequently reveals new links within a site, and more potential security risks. Therefore, after completing the first "phase" of Explore and Test, AppScan automatically begins a second "phase" to deal with the new information. If new links are discovered during the second phase, a third phase is run, and so on.

After completing the configured number of scan phases (user configurable; default four), scanning stops and the completed results are available to the user.

Scan flow

The following diagram illustrates the stages and phases of automatic scan flow. Note that this process requires no action from the user, but you may come across them referred to in the AppScan® log.

Flow chart illustrating Explore and Test stage stages