Uploading an advanced scan from AppScan Standard

Upload a scan template from AppScan® Standard to use the same explore and test phase configuration in AppScan Enterprise. This saves time and effort in re-creating scan configurations between AppScan Standard and AppScan Enterprise.

About this task

You should be aware of some limitations with these templates:
  1. Most of the regular job properties sheets of a content scan job are disabled because this job is using an externally created configuration template. These property sheets are available:
    • What to Scan: Automatic Form Fill fields are not extracted from and displayed for imported manual explore data. This data should already be included in the scan template that you import.
    • Security
    • Log Settings
    • Agent Server
    • Job Properties
  2. If the scan template was configured in AppScan Standard with Generic Service Client (GSC), it will not include the GSC settings because they are not stored in the scan template. The scan will run and use the web service as its starting URL.
  3. Scan templates do not include expected responses, so when you run a job based on a scan template, AppScan Enterprise cannot make a comparison, and therefore no warning messages about expected responses are logged in the scan log. Scan results are not affected.
  4. If the scan was configured with a client-side certificate, the Dynamic Analysis Scanner must be able to access the location of the certificate or the configuration will not work properly, and some sites might not be explored or tested.
  5. If you run the scan on Windows 2008, 2008 R2, or 2012 and use Internet Explorer, there is a security feature that must be disabled or the scan might not be able to login to applications. Make sure your Product Administrator reads this topic: Disabling Internet Explorer Enhanced Security Configuration on Windows Server 2008, 2008 R2, and 2012

Procedure

  1. Navigate to the folder where you want to create the item and click Create.
  2. On the Create Folder Item page, create a content scan job.
  3. Enter a Name and optionally, a Description for the item.
  4. Report packs are automatically created when you create a job, with a set of default reports based on the properties of the job. If you do not want to have a report pack automatically created when the job is created, clear the Automatic Report Pack Creation check box.
  5. Select Create using properties from AppScan Standard scan template file as the Method of Creation and browse to the file location of the *.scant file. If you do not have a copy of AppScan Standard, click Download. After you install it and create a scan template, then you can upload it here.
  6. To create the job, click Create.
    Note: If there are any issues during the upload process, they display in the Folder Item Created page as not supported:
    • Privilege Escalation is disabled. Privilege escalation is the process of referring to scans that were run using different user privileges, in order to test whether privileged resources are accessible to users with insufficient access permissions.
    • Interactive Login is rejected. If this option is turned on in AppScan Standard, it is rejected during the upload process to AppScan Enterprise because it requires user interaction.
  7. Click Done.
  8. Security test policies are ignored during upload. If security testing is enabled in scan template, go to the job's Security page, select a security test policy, click Save, and run the scan.
  9. Optional: Go to the scan's What to Scan page to manually import manual explore data from AppScan Standard after you upload the scan template. The manual explore data (*.exd files) are not included in the scan template files.
  10. Optional: If you must change the scan template in AppScan Standard, you can export the template, and then replace it by clicking Browse to upload it again.
  11. Run the scan.