Creating a scan in AppScan® Enterprise

You can create an AppScan® Enterprise scan using your AppScan® Standard configuration.

About this task

Scan configurations can be used to create a new scan in AppScan® Enterprise to work with them there.

Procedure

  1. Open the scan that contains the configuration you want to use.
  2. Click AppScan Connect > AppScan Enterprise > Create scan in AppScan Enterprise.
    The AppScan Enterprise login dialog-box opens.
  3. Configure your AppScan Enterprise sign-in information, if not configured already:
    To sign in with a User ID and Password:
    1. Select Login with User ID & Password.
    2. In the URL field, enter the AppScan Enterprise server's service URL.

      Format: https://[AppScan Enterprise Server]:[Server port]/ase

    3. Enter a valid User ID (with the format [domain name]\[username]) and Password.
    4. Click Login.
    To sign in using a client-side certificate or smart card:
    1. Select Log in using client-side certificate / Smart Card.
    2. In the URL field, enter the AppScan Enterprise server's service URL.

      Format: https://[AppScan Enterprise Server]:[Server port]/ase

    3. From the Certificate drop-down, select a certificate.
    4. Click Login.
      Note: If you need to log in using a Smart Card PIN code, a dialog box will open where you can enter the code.
  4. In the Create scan in AppScan Enterprise dialog box:
    1. Define a job name.
    2. Select the folder where the scan must be created. For example, Scans\Users\Admin.
      Note: Scan template folders are not shown
    3. Optional: Select an application with which you want to associate the scan. Alternatively, you can search for the application and then select it.
    4. Select a test policy from the drop-down menu.
      Important: To create a scan in your AppScan Enterprise account, you need to have a test policy defined for your account. If there is no test policy defined, you can assign or create a test policy in AppScan Enterprise. Alternatively, you can connect through an account that already has a test policy assigned.
    5. Select the scan method for AppScan Enterprise to use after uploading the configuration:
      • Full Scan: explores and tests the site
      • Explore Only: only explores the site without testing
      • Test Only: exclusively tests the site; useful in scenarios where manual exploration or multi-step operations data is configured.
    6. Optional: Select Run scan later if you prefer to upload the scan configuration to AppScan Enterprise and initiate the scan at a later time.
      Note: If the Run scan later checkbox is cleared, the scan will start automatically in AppScan Enterprise.
    7. Optional: Select Open browser on ASE console page to open the AppScan Enterprise console page in a web browser.
  5. Click Create.
    The scan in AppScan Enterprise will proceed according to the selected scan method and the choice of running it immediately or later. You can monitor the progress of the scan by navigating to the Scans tab in AppScan Enterprise. After the scan is complete, you can review the results and address any vulnerabilities identified in your application.