DAST issue verifier

DAST issue verifier helps developers simulate DAST tests and validate DAST vulnerabilities reported by AppScan directly within their IDE or browser. This allows them to debug and confirm fixes without rescanning, reducing the time and effort needed for fix cycles.

About this task

You can verify the fix in one of the following ways:
  1. Copy the JavaScript and paste it into the browser.
  2. Upload the Python script to an IDE.

Using the fix verification script (JavaScript) to reproduce an issue

About this task

As a developer, you can copy the fix verification script (JavaScript) and run it in the browser console.

Procedure

  1. In the ASoC user interface (UI), locate the specific issue.
  2. Go to Issues > Details.
  3. In the Fix verification section, click Copy script to copy the provided script to your clipboard.
  4. Open a web browser and go to the target web application.
  5. Log in to the application.
  6. Press F12 to open the browser's developer tools.
  7. Navigate to the Console tab in the developer tools.
  8. Paste the copied script into the console.
  9. Press Enter to run the script.
  10. Interpreting the script output: The output provides a message indicating whether the issue is still present or has been resolved.

Using the fix verification script (Python) to reproduce an issue

Before you begin

To ensure the Python script works correctly, you need to install a Python library first.
Note: Perform the following one-time setup activities.

Installing Python 3

  1. Go to https://www.python.org/downloads/ and download the Python installer for your system.
  2. Open the installer and follow the steps to finish the installation.

Validating Python

To validate if Python is installed and available on system PATH:
  1. Open a terminal and type: $> python --version
  2. The installed Python version is displayed. For example, "Python 3.13.3".

Installing the Appscan DAST issue verifier module

  1. After installing Python, open a terminal.
  2. Ensure that you have the pip module present by running the following command:

    $> python -m pip --version

    The installed pip version is displayed. For example, "pip 25.0.1".

  3. Run the following command:

    $> python -m pip install appscandastissueverifier

  4. Once the command completes successfully, verify that the appscandastissueverifier module is installed by running the command:

    $> python -m pip list appscandastissueverifier

  5. The following details are displayed.

    Package                    Version
    -------------------------- -------
    appscandastissueverifier   1.0.0

Updating the Appscan DAST issue verifier module

When you run the fix verification script and encounter an error related to the version of the AppScan DAST issue verifier module, update it with the following command (pip has no update subcommand; install with the upgrade option):

    $> python -m pip install --upgrade appscandastissueverifier

About this task

Follow these steps to run the fix verification script (Python).

Procedure

  1. In the ASoC user interface (UI), locate the specific issue.
  2. Go to Issues > Details.
  3. In the Fix verification section, click Download to download the provided script to your system.
  4. Open the downloaded script in a text editor.
  5. Follow the instructions in the script to change the following sections and save the script.
    REPLAY_HOST: change this to the URL of the web application that needs to be tested.
    SESSION_TOKENS: log in to the web application in your browser and copy the cookies. Add each cookie as a name-value pair, separated by commas (this is a Python dictionary).

  6. Open a terminal and run the script:

    $> python replay-script.py

  7. Interpreting the script output: The output provides a message indicating whether the issue is still present or has been resolved.
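The skeleton below is an added example, not the downloaded script and not the appscandastissueverifier module's own code. It shows the configuration shape the procedure describes (a REPLAY_HOST URL and a SESSION_TOKENS dictionary of cookies), a helper that converts a cookie string copied from the browser into that dictionary, and a minimal replay that re-sends one recorded request with the session cookies and reports whether an indicator of the original finding still appears in the response. The function names, the verdict rule, the placeholder host, cookie values, path and probe marker are all assumptions made for this example.

```python
"""Added example (not the appscandastissueverifier module's own code): the
configuration shape the page describes, plus a minimal replay-and-verdict
loop built on the standard library only. Function names, the verdict rule and
every value below are assumptions/placeholders, not ASoC output."""
from __future__ import annotations

import urllib.error
import urllib.request
from http.cookies import SimpleCookie
from urllib.parse import urljoin, urlparse

# Values the developer fills in (constructed placeholders, not a real target).
REPLAY_HOST = "https://target.example"
SESSION_TOKENS = {                      # cookies copied from the browser after login
    "JSESSIONID": "PLACEHOLDER-SESSION-ID",
    "csrftoken": "PLACEHOLDER-CSRF-TOKEN",
}


def validate_replay_host(host: str) -> str:
    """Accept only an absolute http(s) URL with a hostname; strip trailing slashes."""
    parsed = urlparse(host)
    if parsed.scheme not in ("http", "https") or not parsed.netloc:
        raise ValueError(f"REPLAY_HOST must be an absolute http(s) URL, got {host!r}")
    return host.rstrip("/")


def parse_browser_cookie_string(raw: str) -> dict[str, str]:
    """Turn 'a=1; b=2' (as copied from the browser's Network tab) into a dict."""
    jar = SimpleCookie()
    jar.load(raw)
    return {name: morsel.value for name, morsel in jar.items()}


def cookie_header(tokens: dict[str, str]) -> str:
    """Serialise the SESSION_TOKENS dict back into one Cookie request header."""
    return "; ".join(f"{name}={value}" for name, value in tokens.items())


def issue_still_present(body: str, indicator: str) -> bool:
    """Verdict rule (assumed): the finding is unresolved while the replayed
    response still contains the indicator the scanner flagged, e.g. an echoed
    probe marker or a server error string."""
    return indicator in body


def replay(path: str, indicator: str, method: str = "GET",
           data: bytes | None = None) -> bool:
    """Replay one recorded request against REPLAY_HOST with the session cookies
    and print/return whether the issue is still present."""
    host = validate_replay_host(REPLAY_HOST)
    url = urljoin(host + "/", path.lstrip("/"))
    req = urllib.request.Request(url, data=data, method=method)
    req.add_header("Cookie", cookie_header(SESSION_TOKENS))
    try:
        with urllib.request.urlopen(req, timeout=15) as resp:
            status, body = resp.status, resp.read().decode("utf-8", "replace")
    except urllib.error.HTTPError as exc:   # 4xx/5xx bodies are still worth checking
        status, body = exc.code, exc.read().decode("utf-8", "replace")
    present = issue_still_present(body, indicator)
    print(f"HTTP {status}: issue {'still present' if present else 'appears resolved'}")
    return present


if __name__ == "__main__":
    # Replays a hypothetical recorded request; the path and marker are constructed.
    replay("/search?q=DASTPROBE-7f3a", "DASTPROBE-7f3a")
```

The point of keeping the verdict in its own small function is that it can be unit-tested against saved responses before and after a fix, while the network call stays in replay; validate_replay_host also catches the common mistake of pasting a bare hostname instead of a full URL into REPLAY_HOST.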