Error pages
Enhance your application's error page identification by adding strings or regular expressions that enable AppScan® to recognize your error pages within the response content, the path, or both. This ensures that AppScan can effectively recognize and handle your error pages, contributing to the overall accuracy of your security scans.
When AppScan® encounters a 404 error page in response to a test, it generally marks the test as failed. This is because a 404 response suggests that the site has correctly identified the request as illegal. However, there are instances where the opposite holds true, and the error page indicates a successful result. In both scenarios, it is important to accurately define error pages so that AppScan can appropriately recognize them.
Web applications and servers often use customized or dynamically generated 404 error pages that can be challenging to automatically recognize. While AppScan attempts to identify customized 404 error pages, there may be instances where it fails to do so. If AppScan encounters an error page and is unable to recognize it, it may incorrectly register the result as positive when it should be negative, or vice versa. The Error Pages list, by default, encompasses standard error page definitions, each displaying the location and value.
- You can define the error page manually before scanning. See Add an error page.
- If you have completed the Explore stage, you can set a URL that was discovered as an error page. See Set an error page.
- For tests where the previous definition indicated the success of a test, update the results by clicking Apply changes to current results.
- For tests where the previous definition indicated the failure of a test, you must re-test.
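
As an added illustration (not AppScan's code or its matching logic), the following Python sketch checks candidate error page definitions against constructed sample responses before you enter them in the Error Pages list. The `ErrorPageDef` class, the `audit` function, and the "content"/"path" labels are assumptions made for this example.

```python
import re
from dataclasses import dataclass

@dataclass(frozen=True)
class ErrorPageDef:              # hypothetical model of one definition
    location: str                # "content" or "path" (labels assumed here)
    value: str                   # literal string or regular expression
    is_regex: bool = False

    def matches(self, path, body):
        target = body if self.location == "content" else path
        if self.is_regex:
            return re.search(self.value, target, re.IGNORECASE) is not None
        return self.value.lower() in target.lower()

def is_error_page(status, path, body, defs):
    # A real 404 status always counts; custom pages need a definition.
    return status == 404 or any(d.matches(path, body) for d in defs)

def audit(defs, samples):
    """Return (missed, overmatched) paths for a set of definitions."""
    missed, over = [], []
    for status, path, body, expected in samples:
        got = is_error_page(status, path, body, defs)
        if expected and not got:
            missed.append(path)      # error page the scanner would not see
        elif got and not expected:
            over.append(path)        # valid page wrongly treated as an error
    return missed, over

# Constructed samples: (status, path, body, is really an error page)
SAMPLES = [
    (404, "/missing", "Not Found", True),
    (200, "/errors/oops", "<h1>Oops</h1><p>Ref 8f3a91</p>", True),
    (200, "/admin.bak", "<title>Page unavailable</title><p>ID 774102</p>", True),
    (200, "/help/errors-faq", "<title>Help</title><p>Fixing 'Page unavailable'</p>", False),
    (200, "/account", "<title>Account</title><p>Welcome back</p>", False),
]

TOO_BROAD = [ErrorPageDef("content", "page unavailable")]
TUNED = [
    ErrorPageDef("content", r"<title>\s*Page unavailable\s*</title>", True),
    ErrorPageDef("path", r"^/errors/", True),
]

if __name__ == "__main__":
    for name, defs in (("none", []), ("too broad", TOO_BROAD), ("tuned", TUNED)):
        print(name, audit(defs, SAMPLES))
```

With no definitions, both custom pages returned with status 200 are missed; the broad literal string also flags a legitimate help page, while the anchored title and path expressions match only the real error pages.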