Parameters, cookies & headers

Identify session IDs and list parameters to exclude from the scan.

This view is used to manage four main functions:
  • Exclude specific parameters, cookies and headers from being tested during scans
  • Control the default treatment of parameters and cookies ("redundancy tuning")
  • Define parameters, cookies and headers that have a special format which AppScan might not recognize on its own
  • Define custom headers

Setting

Description

See

Parameters and Cookies tab

Lets you view, add, edit and delete global parameters that require non-default treatment.

For example, your application may have parameters, cookies or headers whose values you do not want AppScan® to manipulate during tests. To make sure that AppScan does not change these parameters and cookies, exclude them from tests. For example, your application might lock a user session if certain cookie or parameter values are changed. You should exclude these parameters from manipulation. If you do not exclude them, AppScan may not be able to successfully complete the scan, as these cookies will lock AppScan out of the application.

During the Explore stage, AppScan® automatically detects cookies and HTML parameters that are likely to be session IDs and adds them to the list in this tab. You can manually add cookies, parameters and headers that you know to be session IDs.

The columns in this tab are defined in the table below.

Note: The Hide/Show template items button lets you filter out items that originated in the scan template, which may not be relevant to the current scan.

Parameters, cookies and headers definition

Custom Parameters tab

Lets you add, edit and delete parameters with a custom format that AppScan might not otherwise recognize as such.

Custom Parameters tab

Custom Headers tab

Lets you define non-standard (custom) HTTP header formats. AppScan® must be able to identify parameters in response content and correctly add them to headers it sends to the site, in order to be able to test the site effectively.

Custom Header tab

Redundancy Tuning Defaults

This link (at the bottom of the Parameters and Cookies tab) lets you access and edit the default redundancy tuning applied to all parameters, whether discovered by AppScan® or defined by the user.

Note: Changing the specific redundancy tuning of an individual parameter is done as part of Parameters, cookies and headers definition

Changes to the defaults are not applied retroactively to parameters that have already been defined. This must be done manually for each parameter.

Redundancy tuning

Parameters and Cookies tab fields

The following table summarizes the fields in this tab.

Heading

Options and description

Type

Parameter | cookie | custom parameter | header

Name

Tracking

How to track this parameter or cookie:
  • As a login value
  • As a dynamic value
  • As a fixed value
  • Don't track it at all
For more details see Session IDs.

Test Exclude

Defines whether or not to exclude this parameter/cookie/header from testing during the Test stage of the scan.

Redundancy Tuning

  • Default: The default redundancy tuning is applied to this item
  • Custom: The redundancy tuning for this item is different to the current default

Source

Shows from where AppScan obtained this item:
  • Scan template: Originated in the scan template
  • Login session ID: From the login sequence recorded by the user
  • Multi-step sequence variable: From a sequence recorded by the user
  • Explore Optimizer: From the Explore Optimizer extension
  • User-defined