How to scan using a Postman Collection
If you have a Postman collection of requests to your web API, you can add this collection and use it as the basis for a scan. AppScan runs its own Explore stage using the collection and displays the resulting data in the Dashboard.
- Adding a Postman collection is not applicable to a content scan job.
- You cannot create or edit a Postman collection scan job using ADAC.
Using the AppScan Standard scan job in AppScan Enterprise
You can import the Postman collection in a scan job using AppScan Standard and then replicate this job in AppScan Enterprise.
- In AppScan Standard, create a scan job using the Import Postman Collection option. For more information, see Scan using a Postman Collection.
- On the menubar, click the AppScan Connect icon to open the sign-in window.
- Configure your AppScan Enterprise sign-in information:
  - To sign in with a User ID and Password:
    - Select Log in with User ID and Password.
    - In the URL field, enter the AppScan Enterprise server's service URL, in the format https://[AppScan Enterprise Server]:[Server port]/ase
    - Enter a valid User ID (in the format [domain name]\[username]) and Password.
    - Click Login.
  - To sign in using a client-side certificate or smart card:
    - Select Log in using Client-Side Certificate / Smart Card.
    - In the URL field, enter the AppScan Enterprise server's service URL, in the format https://[AppScan Enterprise Server]:[Server port]/ase
    - Select the check box for the certificate needed.
    - Click Login. Note: If a Smart Card PIN code is needed to log in, a dialog box opens for you to enter it.
  On successful login, close the AppScan Connect window.
- On the menubar, click the icon for creating the AppScan Enterprise job.
- Define the Job Name and, optionally, the AppScan Enterprise Folder, Application and Test Policy. Note:
  - If you do not select a folder, the default AppScan Enterprise folder is used.
  - The Select Application dialog box includes a Create a new application on server option if your permissions allow this.
  - By default, the Continue Full Scan option is selected. Note: Irrespective of the option you select, the Full scan option is applied to the job in AppScan Enterprise.
- Click Create. When the process is complete, a green success message appears in the dialog box.
- Click the AppScan Enterprise jobs link to view and run your job in AppScan Enterprise.
Using the AppScan Enterprise APIs
You can use the AppScan Enterprise REST APIs to create a scan job, add a Postman collection and then run the job.
- Create a scan job by using any one of the following APIs.
POST /jobs/{templateId}/dastconfig/createjob
POST /jobs
POST /jobs/createjobBasedOnTemplateFile
Note: When you create a scan job, it is recommended that you select the "Regular" template to avoid performance issues.
- Add the Postman collection to the job by using the API:
POST /jobs/{jobId}/dastconfig/postman/create
- Run the scan job by using the API:
POST /jobs/{jobId}/actions
Note: After you have created the job using the APIs, you can view and run these scan jobs from the Scans view of AppScan Enterprise.
For more information, see the article API scanning using Postman Collection. For additional information about the APIs and their parameters, refer to the Swagger page.
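The three API calls above chained in a small Python client, as an added example (not HCL's code): it creates the job from a template, attaches the Postman collection as a multipart upload, and only then starts the scan, so a failed upload never leaves a job running without its collection. The host name, the authentication headers, the request bodies, the form field name and the response key `id` are assumptions to be checked against the Swagger page.

```python
"""Chain the three AppScan Enterprise REST calls described above: create job,
attach Postman collection, run. Added example, not HCL's code. Assumes the caller
already has an authenticated session (auth header/cookie in `headers`); fields
marked ASSUMED must be checked against the ASE Swagger page."""
import json
import urllib.request
import uuid


def urllib_transport(method, url, headers, body):
    """Real HTTPS transport: (status, parsed JSON). TLS verification stays on."""
    req = urllib.request.Request(url, data=body, method=method, headers=headers)
    with urllib.request.urlopen(req, timeout=60) as resp:
        raw = resp.read()
        return resp.status, (json.loads(raw) if raw else {})


def multipart_file(field, filename, content):
    """Build a one-file multipart/form-data body; returns (body, content_type)."""
    boundary = uuid.uuid4().hex
    head = (f'--{boundary}\r\nContent-Disposition: form-data; name="{field}"; '
            f'filename="{filename}"\r\nContent-Type: application/json\r\n\r\n')
    body = head.encode() + content + f"\r\n--{boundary}--\r\n".encode()
    return body, f"multipart/form-data; boundary={boundary}"


def create_and_run_postman_job(base_url, headers, template_id, job_fields,
                               collection, transport=urllib_transport):
    """Returns the new job id; raises before starting a job if any step failed."""
    def post(path, body, content_type):
        hdrs = {**headers, "Content-Type": content_type}
        status, data = transport("POST", base_url.rstrip("/") + path, hdrs, body)
        if status >= 400:  # never run a job whose collection upload did not succeed
            raise RuntimeError(f"POST {path} -> HTTP {status}: {data}")
        return data

    # 1. Create the job from a template (the text recommends the "Regular" one).
    created = post(f"/jobs/{template_id}/dastconfig/createjob",
                   json.dumps(job_fields).encode(), "application/json")
    job_id = str(created["id"])  # ASSUMED response key
    # 2. Attach the collection; the form field name "uploadedfile" is ASSUMED.
    body, ctype = multipart_file("uploadedfile", "collection.json", collection)
    post(f"/jobs/{job_id}/dastconfig/postman/create", body, ctype)
    # 3. Start the scan; the action payload is ASSUMED.
    post(f"/jobs/{job_id}/actions", json.dumps({"type": "run"}).encode(),
         "application/json")
    return job_id
```

The `transport` parameter lets you record or replay the exchange (for example against a fake server in CI) without touching the production ASE instance.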