Recording the APIs using the ADAC client using Postman or SoapUI

Create a GraphQL scan by Recording the APIs using the ADAC client using Postman or SoapUI.

Procedure

  1. On the AppScan Enterprise Scan page, click Create Folder Item.
  2. Select the Job using template radio-button and in the drop-down list, select the option GraphQL template.
  3. Click the Create button. The browser launches the AppScan Dynamic Analysis Client (ADAC).
  4. Navigate to the Manual Explore section, click Add, select External client, and then select Postman or SoapUI.
  5. AppScan opens the selected tool (i.e., Postman or SoapUI) and automatically configures it to work with AppScan as it’s recording proxy.
  6. Once the tool launches, run the collection.
  7. After you run the collection, in the Record Traffic window, click the Stop Recording button and then click Save.
  8. In ADAC window, select the checkbox under domains detected for the domains to be included in the scanning.
  9. Navigate to Job Properties, select a desired Test Policy, and click Create Job.
  10. Run the scan.