Overview of scan configuration differences in v9.0.2 and higher and in previous versions

The security team (whose members have Administrator privileges) creates templates from scan configurations that they author in AppScan Standard. The scan template file is then available for use in AppScan Enterprise. Developers (with QuickScan user privileges) pick up the template when they create a scan, and use a wizard in the new AppScan Dynamic Analysis Client to finish the scan creation. They use the same Client when they need to amend the scan configuration.

This workflow provides many benefits:
  • The security team uses a richer environment to select scan options in AppScan Standard.
  • Providing these templates to developers in AppScan Enterprise is a one-step process.
  • It produces more consistent results across the organization, and provides the same user experience during job configuration.
  • It improves the configuration experience for developers, who often don't have much security knowledge, and gives them the ability to configure action-based login and manual explore features.

There are some upgrade considerations to know about:
  • The new method is accessed from both the Monitor and Scans views.
  • Existing scan templates from v9.0.1.1 are kept after upgrade, and the old method of QuickScan template creation still exists. To take advantage of this new method, during upgrade you must run the Default Settings Wizard after the Configuration Wizard to install the templates for v9.0.2.
  • To avoid any template name conflicts in the Templates directory in the Folder Explorer, (v9.0.2) is appended to the template name. If you install a new instance of AppScan Enterprise, you can still access the templates from v9.0.1.1. When you create a new content scan or template from the Scans view, select Create using previously saved settings file and go to <install-dir>\AppScan Enterprise\Initializations\ASE\DefaultTemplates\Job\Version 9.0.1.1 to select the *.xml file.