Record sequence with browser
About this task
These are the options when recording a multi-step operation:
- AppScan Chromium browser (default)
- AppScan will record using the built-in Chromium-based browser, without logging in. When the
browser opens you can log in, if needed, and then record your multi-step sequence.Note: If you use this option and then record login requests as part of the sequence, parameters and cookies received will always be treated as Dynamic, even if they are Login requests, and even if you change their tracking to Login Value.
- AppScan IE browser > Log in and then record
- AppScan® will log in to the application automatically
(using the login you recorded) before the browser opens. You can then record your multi-step
operation without recording the login requests. This method has the advantage that the login
requests will not be replayed every time this sequence is played, but only if AppScan is out-of-session.Note: Parameters and cookies that are present in the Multi-Step sequence but not in the Login sequence, are always tracked as Dynamic, even if you change their tracking to Login Value.
- AppScan IE browser > Record without login
- AppScan® will begin recording the sequence without
logging in. When the browser opens you record your multi-step sequence directly. If you need
to log in, the login will be part of the recording and will therefore be replayed every time
the sequence is played, which can significantly increase scan time. Where login is required,
the best practice is to use the previous option.Note: If you use this option and then record login requests as part of the sequence, parameters and cookies received are always tracked as Dynamic, even if they are Login requests, and even if you change their tracking to Login Value.Note: If no login sequence has been configured there is just one IE option: Record.
- External browser
- Active only if you have configured AppScan to use an external browser for scanning (Tools > Options > Use External Browser > Select Browser). If possible it is recommended to use the AppScan Chromium browser, as it records extra information that improves login success during scanning. Use the external browser only if recording the login with the AppScan browsers does not work for your application.
Important: During playback of a multi-step operation, in-session detection is Off (see
Login method). This means
that AppScan® does not verify that it is logged in.
Therefore, if the failure of the multi-step operation will cause the user to be logged out of the
application, it is important that login be recorded as part of the sequence (so it will be replayed
each time the sequence runs). If this is not done the multi-step operation may fail.
Procedure
-
Click Record sequence and select one of the record
options (see above).
The selected browser opens.
- Click on links and fill in fields as necessary to reach the required pages. You can use the Pause button if you want to click links without recording them as part of the operation.
- Close the browser.
The sequence appears in the Sequence pane (upper right). Sequences are automatically named in order: "Sequence 1", "Sequence 2" etc., but you can rename by typing into the name field.
You can optionally change the Playback Method (bottom left of the dialog box):- Request-based playback (default) sends the raw HTTP requests from the recording. This method is usually faster.
- Action-based playback replays the clicks and keystrokes of the user. Reasons for selecting this method could be that the site includes a lot of JavaScript, or that some of the requests in the request-based playback were marked with a red X when you attempted to validate them. This method can increase scan time.
Note: If the scan is configured to use a browser other than the embedded browser (Tools > Options > Use external browser), request-based playback is always used.Note: If your site requires users to log in, and you selected Request-Based Login, you must select Request-based Multi-Step Operations too, otherwise the Multi-Step Operations will not be sent. -
Click Validate.
AppScan replays the sequence, and a green check-mark appears next each request or action that is successfully replayed. If a request or action is not successful a red X appears next to it. Options:
- View any URL by selecting it and clicking
- Remove any unnecessary step by selecting it and clicking . After doing this click the Validate button, to check that the sequence still keeps in-session.
- Right-click on a step in the sequence and set to Don't Test. The URL will still be included when playing the sequence, but will not be tested individually.
- Right-click on a step that is set to be tested individually, and select Play sequence before testing request > No if it is not necessary to play the previous steps in the sequence each time this URL is tested.