User-Defined Tests

AppScan® provides a database of thousands of tests. However, if your web application has issues that are specific to it, or if you want to write your own advisories for fixing issues, you can create your own tests. These tests are saved and included in your AppScan database of tests.

Each test looks for one specific issue. For example, one test will modify a path in a request; another test will modify user input to include a character that should be invalid. For each test you can define multiple conditions for each of the following three items:
  • Filter: What conditions must be met in order to execute the test.
  • Modification: What changes will be made to the request.
  • Validation: What conditions must be met for the test result to be considered positive.
To create and manage user-defined tests:
  • Click Tools > User-Defined Tests.

    The User-Defined Tests dialog box appears, listing tests that have been defined, and their type. The check box next to each test indicates whether or not it is currently enabled in scans.

| Option | Description |
|---|---|
| Enable check box | Select/clear to include/exclude a test from the current scan. |
| The export icon | Click to Export All or Export Selected user-defined tests, and their enabled/cleared status, as a UDT file that can be imported to a different scan. |
| The import icon | Click to import a previously saved UDT file. The tests in the imported file are added to the current list of tests. |
| The edit icon | Select a test row (not its check box), and click Edit to open the User-Defined Test wizard to edit the selected test. |
| The minus icon | Click to delete the selected test. |
| The plus icon | Click to open the User-Defined Test wizard to create a new test. |