Automatic multiphase scanning

About this task

Some tests may reveal new areas of the web application which are not accessible through normal browsing of the website (for example, directory listings, or the contents of the robots.txt file). If Multiphase scanning is enabled, AppScan will add URLs that were discovered during the Test stage, to the list of URLs to be explored. When the Test stage is complete, AppScan then automatically explores the newly discovered URLs, creates new tests for them, and tests them.

By default, scans may contain up to four phases, if necessary. You can configure AppScan® to run between 1 and 10 phases.

Note: The multiphase scanning setting only applies if you run a Full Scan. If you activate the Explore Only and Test Only functions, the result will be a single-phase scan.

Procedure

  1. Open Scan Configuration | Test Options view.
  2. Select the Enable Multiphase Scanning check box.
  3. In the Max. Phases text box, enter the maximum number of phases you want to allow (a number between 1 and 10; default 4).

    As AppScan tests the site it analyzes test responses for additional URLs that it could not access during the initial Explore stage. It can then run additional Explore and Test stages on these new links. The number you enter here determines the number of times AppScan will do this. (By default, multiphase scanning is enabled for four phases.)

    Note: The Progress Panel (see Scan progress) shows which phase the scan is currently working on.
    Note: If you re-scan your application (Scan > Re-scan), the phase number restarts at 1.
    Note: If you save a scan, the current phase number is saved. If you later load that scan to run again, it begins from the saved phase number.