Record sequence with browser

About this task

These are the options when recording a multi-step operation:

AppScan Chromium browser (default)
AppScan will record using the built-in Chromium-based browser, without logging in. When the browser opens you can log in, if needed, and then record your multi-step sequence.
Note: If you use this option and then record login requests as part of the sequence, parameters and cookies received will always be treated as Dynamic, even if they are Login requests, and even if you change their tracking to Login Value.
External browser
Active only if you have configured AppScan to use an external browser for scanning (Tools > Options > Use External Browser > Select Browser). If possible it is recommended to use the AppScan Chromium browser, as it records extra information that improves login success during scanning. Use the external browser only if recording the login with the AppScan browsers does not work for your application.
Important: During playback of a multi-step operation, in-session detection is Off (see Login method). This means that AppScan® does not verify that it is logged in. Therefore, if the failure of the multi-step operation will cause the user to be logged out of the application, it is important that login be recorded as part of the sequence (so it will be replayed each time the sequence runs). If this is not done the multi-step operation may fail.

Procedure

  1. Click Record sequence and select one of the record options (see above).
    The selected browser opens.
  2. Click on links and fill in fields as necessary to reach the required pages. You can use the Pause button if you want to click links without recording them as part of the operation.
  3. Close the browser.

    The sequence appears in the Sequence pane (upper right). Sequences are automatically named in order: "Sequence 1", "Sequence 2" etc., but you can rename by typing into the name field.

    You can optionally change the Playback Method (bottom left of the dialog box):
    • Request-based playback (default) sends the raw HTTP requests from the recording. This method is usually faster.Sample sequence in Request-based view
    • Action-based playback replays the clicks and keystrokes of the user. Reasons for selecting this method could be that the site includes a lot of JavaScript, or that some of the requests in the request-based playback were marked with a red X when you attempted to validate them. This method can increase scan time.Sample sequence in ActionRequest-based view
    Note: If the scan is configured to use a browser other than the embedded browser (Tools > Options > Use external browser), request-based playback is always used.
    Note: If your site requires users to log in, and you selected Request-Based Login, you must select Request-based Multi-Step Operations too, otherwise the Multi-Step Operations will not be sent.
  4. Click Validate.
    AppScan replays the sequence, and a green check-mark appears next each request or action that is successfully replayed. If a request or action is not successful a red X appears next to it. Options:
    • View any URL by selecting it and clicking the Show in browser button
    • Remove any unnecessary step by selecting it and clicking the minus button. After doing this click the Validate button, to check that the sequence still keeps in-session.
    • Right-click on a step in the sequence and set to Don't Test. The URL will still be included when playing the sequence, but will not be tested individually.
    • Right-click on a step that is set to be tested individually, and select Play sequence before testing request > No if it is not necessary to play the previous steps in the sequence each time this URL is tested.