Step 1: Configuring the scan

About this task

The Scan Configuration Wizard provides an easy way to configure a scan, when you do not need to change many of the default configuration settings.

Procedure

  1. Launch AppScan, to open the Welcome Screen or, if AppScan is open, click File > New for a similar dialog box.
  2. Verify that the Launch Scan Configuration Wizard check box is selected, then select the Regular Scan template.

    The Scan Configuration Wizard Welcome opens.

  3. Select the Web Application Scan radio button, then click Next.

    The URL and Servers step of the wizard appears.

  4. Enter the URL of your application in the text box, then click Next.

    The Login Management step appears.

  5. Click Record Login.

    The AppScan® browser opens, to the starting URL that you set up in the previous step. Your browsing is now being recorded by AppScan.

  6. Log into your application with an authorized username and password.
  7. When you have successfully logged-in, close the browser.

    The "Login Sequence" (the sequence of links that achieved the logged-in state) is displayed (see Record login with a browser for more details), and the gray key icon turns green, indicating that in-session detection is active.

    This: key with warning icon changes to this: key with checkmark icon

  8. Click Next.

    The Test Policy step appears.

  9. Click Next.

    The Test Optimization step appears. Leave the default setting for a regular scan.

  10. Click Next.

    The final step of the wizard appears. You are now ready to run the scan (see Step 2: Running the scan).

    Note: Although it is possible to start the automatic scan at this stage, in many cases a better result will be achieved by manually exploring the application first, as a regular user would (see Using a browser).