Improve site coverage manually

You can add URLs that the initial Automatic Explore stage missed, both individual URLs (such as those accessed by forms that require specific input) and ordered sequences of URLs (such as shopping carts).

About this task

There are various reasons why AppScan may be unable to crawl certain parts of the site automatically without first getting input from you.
  • If the application has forms that require specific input, you can navigate to the page using the Manual Explore feature and fill in the required data. This will be recorded in the automatic form filler for use during scanning.
  • If your application uses JavaScript. Java applets, or Flash - and has links that appear only in certain states, following a specific sequence of states - such links may be missed by Automatic Explore. Using Manual Explore to access them will ensure that AppScan tests them and any additional links they lead to.
  • If your application uses Java applets that reveal links, these will not be tested by AppScan unless you explore them manually.
  • If certain parts of the site can only be reached by clicking links in a specific order (such as a shopping cart), you should record a Multi-Step Operation (Scan Configuration > Multi-Step Operations view).

Procedure

  1. Manual Explore. Use this feature to add URLs that were not discovered during the automatic Explore, and which can be accesses without a specific context.
    1. On the toolbar, click Manual Explore.

      The AppScan built-in browser opens.

      Note: If the application does not appear in the browser as expected, it may not be optimized for the AppScan built-in browser, in which case you can configure AppScan to use a different browser. See Changing the default browser.
    2. Browse the application, clicking the links you want tested, completing data, and trying to cover as much functionality as possible.
    3. When finished, close the window (by clicking the X button on the titlebar).

      The manual Explore window opens.

    4. Save the data for use with future scans by clicking Export, and saving.
    5. To add the data to the current scan, select Add All, then click OK.
    6. After the new pages load, on the toolbar click Scan > Continue Explore Only.

      AppScan will now explore new links revealed by your Manual Explore.

    7. After the Explore is finished, review the Application data to verify that the Explore achieved the coverage you expected.
  2. Multi-Step Operations. Use this feature to record sequences of URLs that must be accessed in a specific order.
    1. Open Scan Configuration > Multi-Step Operations view.
    2. Click the red Start Recording button, and choose Login and then record.
    3. Log in to the application and perform the process you want to record (such as adding an item to the shopping cart and checking out).
      Note: You can click Pause if you need to click links that you do not want included in the recording, and then click Pause again to resume recording.
    4. Close the browser window.
    5. If some of the parameters in the sequence require a unique value, see Sequence variables.