Test policy
The AppScan Standard Default Test Policy is used when running scans from the ASoC user interface, but other policies can be applied with imported scans, or scans run from the API.
The number of possible AppScan tests for a site can reach the thousands. Rather than manually filter the large number of tests and test variants, AppScan Standard lets you set a general policy for the type of test you do or do not want to run on your application.
Predefined test policies
Policy Name | Description |
---|---|
Default | Includes all tests except invasive and port listener tests. |
Application-Only | Includes all application level tests except invasive and port listener tests. |
Infrastructure-Only | Includes all infrastructure level tests except invasive and port listener tests. |
Third-Party-Only | Includes all third-party level tests except invasive and port listener tests. |
Invasive | Includes all invasive tests (tests which might affect the server's stability). |
Complete | Includes all AppScan tests. |
Web Services | Includes all REST and SOAP related tests except invasive and port listener tests. |
The Vital Few | Includes a selection of tests that have a high probability of success. This can be useful for evaluating a site when time is limited. |
Developer Essentials | Includes a selection of application tests that have a high probability of success. This can be useful for evaluating a site when time is limited. |
Production Site | Excludes invasive tests that might damage the site, or tests that might result in Denial of Service to other users. |
See also: Test optimization FAQ