Advanced tab
Scan Configuration > Login Management > Advanced tab.
The Advanced tab of the Login Management view is used to configure advanced login settings and logout page detection.
| Setting | Details |
|---|---|
| Advanced Login Settings | Allow login even if the application is already logged in: To save scan time, AppScan sends multiple login requests without logging out in between. Deselect this check box only if your application does not allow this.<br><br>Number of failed login attempts before user is locked out: If your application will lock a user out after a certain number of failed login attempts, select this check box and configure the number. AppScan Enterprise will send valid login requests between failed requests to ensure this threshold is never reached, as further scanning would then be impossible. |
| Logout Page Detection | AppScan® uses a regexp to identify logout pages. This helps it to scan more efficiently by trying to avoid getting logged out too often and having to log in again. It is also used to identify logout pages when you configure the scan to not test login/logout pages (see Test Options view), and to log out when needed as a part of some security tests. This is the default regexp:<br><br>If any of the indicators in this regexp appear in the URL, AppScan assumes the page is a logout page, and therefore that it is currently logged in to the application.<br><br>Note: AppScan may add to this expression when you record a Login procedure, if it identifies additional indicators. You can add further indicators as necessary, but be sure to follow the regular expression syntax rules.<br><br>Note: The Expression Test PowerTool (Tools > Expression Test) can be useful to verify the syntax of your regular expressions. If you need additional help you may find the following link useful: http://www.regular-expressions.info/quickstart.html |
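
One way to check a custom logout indicator against known URLs before adding it to the expression, as an added example that is not part of the AppScan documentation. The patterns, the sample URLs and the function names are constructed for illustration, and Python's `re` syntax with case-insensitive matching is an assumption that may differ from the engine AppScan uses.

```python
import re

# Hypothetical indicator patterns, constructed for this example.
# Neither one is the AppScan default expression.
LOOSE = r"log[_-]?(out|off)|sign[_-]?(out|off)"
TIGHT = r"(?<![a-z])(log|sign)[_-]?(out|off)(?![a-z])|/session/end\b"

# Constructed sample URLs: (url, is it really a logout page?)
SAMPLES = [
    ("https://app.example.test/account/logout", True),
    ("https://app.example.test/SignOff.aspx?next=home", True),
    ("https://app.example.test/session/end", True),
    ("https://app.example.test/help/blogoutline.html", False),
    ("https://app.example.test/reports/list", False),
]


def compile_indicator(pattern):
    """Return (compiled, None), or (None, message) on a syntax error."""
    try:
        # Case-insensitive matching is an assumption of this example.
        return re.compile(pattern, re.IGNORECASE), None
    except re.error as exc:
        return None, f"{exc.msg} at position {exc.pos}"


def review(pattern, samples=SAMPLES):
    """Report logout URLs the pattern misses and other URLs it matches."""
    rx, err = compile_indicator(pattern)
    if err:
        return {"error": err, "missed": [], "false_match": []}
    missed, false_match = [], []
    for url, is_logout in samples:
        hit = rx.search(url) is not None
        if is_logout and not hit:
            missed.append(url)       # scanner would not recognise this logout
        elif hit and not is_logout:
            false_match.append(url)  # page would be wrongly treated as logout
    return {"error": None, "missed": missed, "false_match": false_match}


if __name__ == "__main__":
    for name, pat in (("loose", LOOSE), ("tight", TIGHT), ("broken", r"log(out|off")):
        print(name, review(pat))
```

A missed logout URL means the scan can log itself out without noticing, while a false match means a page is treated as a logout page when it is not; both are worth resolving before the scan runs.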