Web API Wizard extension
This extension lets you scan using Open API description files. It is available from Tools > Extensions > Web Services Wizard (Open API), and the extension is enabled by default.
This AppScan extension supports web service scans based on Open API (v2 and v3) description files (JSON or YAML). The steps below show the wizard workflow.
Click the step name to see details for that step.
Note: This extension explores web services only. Any other links are ignored.
Note: Using API keys as HTTP query parameters is not supported.
Step | Step Name | Description |
---|---|---|
1 | Description Files | Add one or more Open API description files that define the web service. |
2 | Domains | Domains found in the description files are added to the list of domains that can be scanned. In this step you can remove any that should not be scanned. |
3 | Login Management | Define the login procedure for the web service. |
4 | Sequences | Review the requests created from the description files, and their parameters, and create "sequences" of requests that must be sent in a specific order. Important: Correctly constructed sequences of requests are essential to enabling AppScan to create objects that depend on the previous creation of another object. |
5 | Parameters | Review all the parameters found in the requests. You can select which parameters are tracked and which are not tracked, and edit their values. |
6 | Complete | When configuration is complete, decide whether to start the scan now or later. |
Additional task:
After completing the wizard configuration, you may also need to configure Custom Headers in the main AppScan Configuration dialog box, depending on your service. For details, see Sequence variables.
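
A pre-flight check for a description file before it is added in step 1, covering the note that API keys sent as HTTP query parameters are not supported and the domain list reviewed in step 2. This is an added example, not part of AppScan or its documentation: it reads JSON files only, `preflight` and the sample description are constructed here, and taking domains from `host` (v2) and `servers` (v3) is an assumption about where the wizard finds them.

```python
import json
from urllib.parse import urlsplit

METHODS = {"get", "put", "post", "delete", "options", "head", "patch", "trace"}

def preflight(spec):
    """Report declared hosts and query-string API keys in an Open API v2/v3 description."""
    if "swagger" in spec:       # v2: a single host, schemes under securityDefinitions
        version = "v2"
        hosts = {spec["host"]} if spec.get("host") else set()
        schemes = spec.get("securityDefinitions", {})
    elif "openapi" in spec:     # v3: a list of server URLs, schemes under components
        version = "v3"
        hosts = {urlsplit(s.get("url", "")).netloc for s in spec.get("servers", [])}
        hosts.discard("")       # relative server URLs name no host
        schemes = spec.get("components", {}).get("securitySchemes", {})
    else:
        raise ValueError("not an Open API v2 or v3 description")

    # apiKey schemes that are carried in the query string
    query_keys = {n for n, s in schemes.items()
                  if s.get("type") == "apiKey" and s.get("in") == "query"}

    # Operations that require one of those schemes; an operation-level
    # "security" list overrides the document-level default.
    default = spec.get("security", [])
    affected = []
    for path, item in spec.get("paths", {}).items():
        for method, op in item.items():
            if method not in METHODS:   # skip path-level keys such as "parameters"
                continue
            if any(name in req for req in op.get("security", default) for name in query_keys):
                affected.append(f"{method.upper()} {path}")
    return {"version": version, "hosts": sorted(hosts),
            "query_api_keys": sorted(query_keys), "affected_operations": sorted(affected)}

# Constructed sample description (not from any real service)
SAMPLE_V3 = json.loads("""{
  "openapi": "3.0.3",
  "servers": [{"url": "https://api.example.test/v1"}, {"url": "/local"}],
  "security": [{"headerKey": []}],
  "components": {"securitySchemes": {
    "headerKey": {"type": "apiKey", "in": "header", "name": "X-API-Key"},
    "legacyKey": {"type": "apiKey", "in": "query", "name": "api_key"}}},
  "paths": {
    "/orders": {"get": {"responses": {}},
                "post": {"security": [{"legacyKey": []}], "responses": {}}},
    "/health": {"get": {"security": [], "responses": {}}}}
}""")

if __name__ == "__main__":
    print(json.dumps(preflight(SAMPLE_V3), indent=2))
```

Operations listed under `affected_operations` depend on a query-string API key, so expect them to need a different authentication arrangement before the scan can reach them.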