Home
Manual exploring
Manual exploring enables you to explore specific parts of your application, filling in fields and forms as you go. This can be a way of ensuring that particular areas of the site are covered, and that AppScan has the information needed to complete forms correctly.
Using an external client
You can manually explore RESTful or other non-SOAP web services - or SOAP services that do not require security envelopes - using a mobile phone, simulator, or emulator. AppScan displays the domains and requests in its External Traffic Recorder, and create appropriate tests from the input.

Manual exploring
Manual exploring enables you to explore specific parts of your application, filling in fields and forms as you go. This can be a way of ensuring that particular areas of the site are covered, and that AppScan has the information needed to complete forms correctly.
- Using a browser
  For web applications, you can usually use the build-in Chromium browser for manual exploring. Where necessary the built-in IE vbrowser, or an external browser can be used.
- Using an external client
  You can manually explore RESTful or other non-SOAP web services - or SOAP services that do not require security envelopes - using a mobile phone, simulator, or emulator. AppScan displays the domains and requests in its External Traffic Recorder, and create appropriate tests from the input.
  - Recording with an external client
    Describes recording Manual Explore data with Postman, SoapUI, or another external client.
  - External Traffic Recorder
    When you manually explore using AppScan as recording proxy, this recorder displays domains detected and traffic received, and enables you to control which of these will be tested. A limited version of the recorder is used to record the login sequence.
  - SSL with SoapUI
    To use SoapUI with SSL you must first install the AppScan SSL certificate in SoapUI.
  - SSL with other external client
    To use SSL when recording from an external client, you must first install the AppScan SSL certificate on the AppScan machine. If the client is on a different machine to AppScan, you must also install the certificate on the client machine.

Using an external client

You can manually explore RESTful or other non-SOAP web services - or SOAP services that do not require security envelopes - using a mobile phone, simulator, or emulator. AppScan displays the domains and requests in its External Traffic Recorder, and create appropriate tests from the input.

Note: If your application uses man-in-the-middle protection, it is not possible to scan it with AppScan as proxy.

Recording with an external client

See also:

External Traffic Recorder

Traffic recorder troubleshooting