Welcome
Welcome to the documentation for HCL AppScan Standard version 10.4.0
Getting started
This section provides a short tour of basic product features and procedures, including using the wizard to set up a scan.
Configuration
You configure a scan by choosing settings that best describe your application, and the kind of testing you want.
- Presets
  Presets give you the main configuration views needed for a particular type of scan.
- Views
- Scan using a Postman Collection
  If you have a Postman Collection of requests to your web API, you can import it and use it as the basis for a scan.
- Scan file structure
  Explains the basic structure of an AppScan Standard SCAN file.
- Scan templates
  A scan template is simply a scan configuration that has been saved so that you can use it again.
  - Predefined templates
    - The Parameter-Based Navigation template
      Explains the configuration of this predefined template.
  - User-Defined Scan Templates
    When you set up a scan, you can save the configuration as a template for use in future scans.
  - Loading scan templates
  - Editing Scan Templates
- Changing the configuration during a scan
Manual exploring
Manual exploring enables you to explore specific parts of your application, filling in fields and forms as you go. This can be a way of ensuring that particular areas of the site are covered, and that AppScan has the information needed to complete forms correctly.
Scanning
Learn how to start a scan, and what happens during the scan; how to manually manipulate the Explore stage, and how to export the results of a scan.
Data
Data view is populated with information about the structure of the site during the Explore stage of the scan.
Issues
Issues view provides access to the results of a scan. You can view results at a high level or select specific tests or objects and access more details. These details include how to fix, requests/responses, and differences between the test variants that resulted in issues. You can manipulate the severity of issues, resend tests (with or without modifications), and create reports based on Issues.
Reports
This section describes how to generate reports from the scan results.
Tools
This section explains how to use additional tools provided with HCL AppScan Standard.
Integrations
This section describes integrations of other applications with AppScan Standard:
Best practices
This section contains some best practices and use cases for advanced users.
FAQ & Troubleshooting
CLI
This section describes the syntax and options available using the Command line interface.
References
Menus and toolbar summaries, and glossary

Predefined templates

About this task

AppScan® comes with some predefined scan templates that are configured to produce the best results when testing AppScan® on a test site. These templates save you the need to adjust the many configuration options to optimize your scan. (Updates to these templates may be included in AppScan® updates from time to time.)

Regular Scan
demo.testfire.net (for scanning the Altoro Mutual Bank website, which has been created for demonstration purposes)
Hacme Bank
GraphQL (see Scanning a GraphQL web API)
Parameter-Based navigation
Production Site (configured for use with live production sites, see Scanning live production environments for more details)
Quick and Light Scan (configured to produce useful results in a short time)
WebGoat v5
WebSphere® Commerce
WebSphere® Portal

The table below shows some basic configuration details of some of the predefined templates.


Test Application	Path Exclusion	Path Limit	Explore Method*	Case Sensitive	Login
WebGoat	.attack\?Num=.	Off	Depth First	Yes	Username: guest Password: guest
demo.testfire.net	none	5	Breadth First	No	Username: jsmith Password: demo1234

* For details of Explore Method refer to Explore options view

To scan with a predefined template:

Procedure

On the menubar, click File > New > New from template... > Browse.
Browse to the AppScan templates folder, default location:
C:\Program Files (x86)\HCL\AppScan Standard\Templates
The scan configuration dialog box opens.
Define the Starting URL for the scan (see Starting URL and domains).
If applicable, record the login procedure, or supply username and password (see Login method).
Click OK to close the dialog box.
In the context toolbar, click Start full scan.