Review reference information for the product.
Learn about folder explorer topics.
Learn how to create scan in the folder explorer.
Learn about configuring wizard topics.
Learn how to use the folder explorer.
A QuickScan template comprises either a content scan job or an import job, plus a report pack. After you create scan templates in the Templates folder in the Folder list, they will automatically be available as scan templates to QuickScan users and to more advanced users who have their QuickScan View turned on in the Show Folder Explorer list. When a QuickScan user creates a scan, a job and report pack will be created based on the template, but will only appear to the QuickScan user as a scan.
Use this task to configure a basic scan with minimal configuration. This scan will automatically discover more URLs to test in your web application. Use this method for an application that has a lot of static links and does not require a lot of user interaction. This scan does not test for security issues, but helps you start exploring your site to determine complete site coverage.
Security scans should be performed in a preproduction environment, such as on a staging or Quality Assurance server. Doing so helps you contain the risks associated with performing security scans. Your preproduction environment should mirror the production environment as much as possible; the application should have the same executable files in both environments so that you know you are thoroughly testing your exposed applications. Security scans should also be integrated into your Software Development Life cycle (SDLC) process so that you can catch security issues before they make their way into your production environment.
A security scan has two distinct phases: Explore and Test.
A security scan requires careful configuration so that it can find all the URLs on your web application and then test them for vulnerabilities.
HCL AppScan Enterprise is a scalable enterprise solution that allows organizations to manage their application security program for their web applications and web APIs. It features cutting edge methods and techniques to identify security vulnerabilities to help protect applications from the threat of cyber-attacks.
JavaScript™ Security Analyzer (JSA) performs static JavaScript source code analysis to detect a range of client-side issues, primarily DOM-Based Cross Site Scripting. JSA analyzes the HTML pages that AppScan® Enterprise collected during the Explore stage. JSA runs in parallel to the Test stage, or can be launched manually on existing Explore results at any time.
Use this task to configure an advanced scan with complex configuration. Use this method for web applications that require a lot of user interaction to navigate the application or if you would like to just test a specific area of your application.
The action-based login capability in AppScan Standard produces the user's actual actions in the browser, rather than just the requests, and replays the sequence in the browser. Take advantage of this capability by creating an action-based login in AppScan Standard and importing it into AppScan Enterprise to help avoid out-of-session events during scanning.
You can import data that is exported from AppScan® Standard version 7.x (and later) into AppScan Enterprise. Importing this data can save time and reduce redundant efforts. Only the URLs (parameters and domains) and HTTP requests from the AppScan .exd file are imported.
An import job takes the results from a data file, and integrates it into the AppScan® Enterprise Server database. Imported data can be used to create reports and dashboards. It can also be combined with data from content scan jobs to create a complete picture of your issues.
Reports are automatically generated after a job has run. They provide a way of managing issues so that you can helps you manage issues that are important to your organization and do so in a way that is supported both by the Enterprise Console's workflow and the workflows of other processes within your organization.