Parameter definition
Procedure
Setting | Description |
---|---|
Type | Select a parameter type from the drop-down list. Parameter: All parameters matching this name are included in the definition. Cookie: All cookies matching this name are included in the definition. Custom Parameter: This is a custom parameter (select one of the custom parameters from the Name drop-down list). Header: All headers matching this name are included in the definition. |
Name | The name of the parameter or cookie. Select the adjacent check box if the name you enter is a regular expression. If you do this, you can also open the Expression Test PowerTool to help you verify the syntax of your regular expression. See Parameter names for details. |
Comments | You may optionally add a comment about the parameter in this field for your own reference. |
Hosts | If a Host is specified: Use this parameter for the specified host only. If left blank: Use this session ID for all hosts. |
Path | If the application supplies cookies of the same name from different parts of the application, you can differentiate between them by defining the path for each one. Blank or / will include all occurrences of the cookie. |
Test Exclude | Select this check box only if you are sure you don't want AppScan® to test this parameter at all. |
Tracking | This setting tells AppScan® that this parameter or session ID should be updated during the scan whenever a new value is set by the application, so that a valid cookie/parameter is always sent in requests to the application. |
Tracking Options... | (Click the link to open this optional section of the dialog box.) These options let you fine-tune how the tracked parameter or cookie is treated. Track Type. Send cookie on all requests: When selected, the cookie will be included in all requests, even if not explicitly set by the application. Treat as Group: If the cookie name is a regular expression, define whether to treat different cookie names that match the regular expression as a group (and therefore update the name as well as the value when there are changes) or as separate cookies. Response Pattern: Generally, AppScan® updates parameter or cookie values based on the content of links extracted from the response (parameters) or from the cookie header (cookies). If AppScan® cannot extract the value unaided, you can supply a regular expression that AppScan® can use to extract the value from the raw response. The regular expression must contain at least one group, and AppScan® will extract the first match. |
Redundancy Tuning... | (Click the link to open this optional section of the dialog box.) These four check boxes let you fine-tune how AppScan® relates to changes in the parameter (or even its existence) during the Explore and Test stages of the scan. See Redundancy tuning. |
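
A pre-check for a candidate Response Pattern, as an added example that is not part of the AppScan® documentation or product: it confirms that the expression compiles, contains at least one capture group, and that its first match yields a value from a raw response. It assumes Python `re` syntax (the page does not state which regular expression flavour AppScan® uses) and that the tracked value is the first group of the first match; the function name, token name and sample response are constructed for illustration.

```python
import re

# Constructed raw response: the token is set by script, so it appears in
# neither an extracted link nor a Set-Cookie header.
SAMPLE_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/html\r\n"
    "\r\n"
    "<html><script>\n"
    "var csrfToken = 'a1b2c3d4e5';\n"
    "var csrfTokenPrev = 'ffff000011';\n"
    "</script></html>\n"
)


def check_response_pattern(pattern, raw_response):
    """Return (ok, detail) for a candidate Response Pattern.

    ok is True only if the pattern compiles, has at least one capture
    group, and its first match in raw_response captures a non-empty
    value. detail is the captured value on success, or the reason the
    pattern was rejected.
    """
    try:
        compiled = re.compile(pattern)
    except re.error as exc:
        return False, f"invalid regular expression: {exc}"
    # Non-capturing groups such as (?:...) are not counted here.
    if compiled.groups < 1:
        return False, "pattern has no capture group"
    match = compiled.search(raw_response)  # first match only
    if match is None:
        return False, "pattern does not match the response"
    value = match.group(1)
    if not value:  # None (optional group skipped) or empty string
        return False, "first group captured an empty value"
    return True, value


if __name__ == "__main__":
    for candidate in (
        r"csrfToken = '([0-9a-f]+)'",     # accepted
        r"csrfToken\w* = '([0-9a-f]+)'",  # two matches, first one wins
        r"csrfToken = '[0-9a-f]+'",       # rejected: no group
    ):
        print(candidate, "->", check_response_pattern(candidate, SAMPLE_RESPONSE))
```

A pattern that matches more than one place in the response, such as the second candidate, still yields only the first occurrence, so anchor the expression on text that is unique to the value you want tracked.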
Identifiers that define a parameter or cookie
A parameter or cookie is recognized as unique on the basis of certain identifiers. It follows that you cannot define two or more parameters or cookies with the same identifiers. The table below shows the identifiers for each kind of entry.
Entry | Identifiers |
---|---|
Parameter | Parameter name, whether a regular expression, host |
Cookie | Parameter name, whether a regular expression, host, path |
Custom parameter | Extracted name (if one exists), reference name, host, occurrence index |