Request-Based tab

Scan Configuration > Explore Options > Request-Based tab.

In this tab you configure settings that affect Request-Based Explore. This tab is active only if the Request-Based Explore Method is selected in the Main tab.
  • JavaScript™ options determine whether AppScan® scans or ignores JavaScript code.
  • Explore Mode determines whether AppScan explores all links on a page before continuing to the next page, or explores each new link as it is found.
  • WebSphere Portal options configure the client to recognize a specific server encoding and to send a specific user-agent header.
  • Flash
Setting Details
JavaScript
Parse JavaScript code to discover URLs: AppScan will parse JavaScript code as text data to collect links.
Explore Mode
Breadth First (Default): AppScan explores page by page, exploring all links on one page before continuing to the next.

It is recommended that you do not change the default selection of this option (Breadth First), unless you are aware of limitations in your application that demand that a user visits links in a specific order.

Depth First: AppScan explores link by link, exploring each new link as it is found.

If you change the Explore Mode to Depth First, you must also change AppScan to use only one thread during the Explore (in Configuration > Communication and Proxy view).

WebSphere® Portal

Enable WebSphere Portal scanning

If the site is a WebSphere Portal site, AppScan will need to get URL decoding information from the site for more efficient scanning and to build a useful application tree. To enable decoding, select Enable WebSphere Portal scanning.

If the context root URL does not follow the default format, click Add Context Root URL to add one or more context root URLs.
Tip: If you are not sure what your portal's context root URL is:
  1. On the computer where WebSphere Portal is installed, open the wkplc.properties file in the wp_profile_root/ConfigEngine/properties directory.
  2. The context root value is specified by the WpsContextRoot property.
Tip: When scanning a WebSphere Portal site, it is recommended to use the predefined WebSphere Portal scan template, which is configured for the purpose.
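
The context root lookup described in the first tip above can be scripted on the portal host. This is an added example, not part of the AppScan documentation; the function names and the sample file contents are constructed for illustration, and the caller supplies the real path to wkplc.properties.

```shell
#!/bin/sh
# Added example: read the WpsContextRoot value from a wkplc.properties file.
# Usage: wps_context_root /path/to/ConfigEngine/properties/wkplc.properties

wps_context_root() {
    file=$1
    [ -r "$file" ] || { echo "cannot read $file" >&2; return 2; }
    # Skip comment lines (# or !), accept "key=value" or "key: value" with
    # optional whitespace, and keep the last definition found in the file.
    value=$(awk '
        /^[ \t]*[#!]/ { next }
        /^[ \t]*WpsContextRoot[ \t]*[=:]/ {
            sub(/^[ \t]*WpsContextRoot[ \t]*[=:][ \t]*/, "")
            sub(/[ \t\r]+$/, "")      # trim trailing blanks and CR (CRLF files)
            v = $0; found = 1
        }
        END { if (found) print v; else exit 1 }
    ' "$file") || { echo "WpsContextRoot not set in $file" >&2; return 1; }
    printf '%s\n' "$value"
}

# Demonstration on a constructed sample file (not a real portal configuration).
demo_context_root() {
    sample=$(mktemp)
    cat > "$sample" <<'EOF'
# WpsContextRoot=commented_out
SomeOtherSetting=1
WpsContextRoot = myportal
EOF
    wps_context_root "$sample"; rc=$?
    rm -f "$sample"
    return $rc
}

demo_context_root
```

The printed value is what you compare against the default format when deciding whether to click Add Context Root URL.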
Flash
Parse Flash to discover URLs: AppScan will parse Flash code as text data to collect links.
Execute Flash files to discover potential vulnerabilities: AppScan will actually play Flash files and analyze the results to collect links, including dynamic links that may not be discovered by parsing alone. (This utilizes more system resources than parsing.)

Adobe™ Flash Player for Internet Explorer, Version 9.0.124.0 or higher, is required. If a supported version is not installed, a warning appears next to the check box when it is selected, and Flash Execution will not run. See Flash content.

If you have Adobe Flash Player Version 10.1 or higher, you may get a message that it requires configuration to work with AppScan. See Flash Player configuration.

When Flash Execution is selected, three Flash execution limits can also be configured. These are:
  • Depth Limit: The maximum number of "clicks away from the initial screen" that can be clicked before the scanning of any particular Flash movie is stopped and the scan moves on.
  • Click Limit: The maximum total number of clicks that can be made before the scanning of any particular Flash movie is stopped and the scan moves on.
  • Screen Limit: The maximum number of unique Flash states allowed before the scanning of any particular Flash movie is stopped and the scan moves on.