Jump to main content
HCL Logo Product Documentation
Customer Support Software Academy Community Forums
AppScan Standard Help
  • Welcome
  • Getting started
  • Configuration
  • Manual exploring
  • Scanning
  • Data
  • Issues
  • Reports
  • Tools
  • Integrations
  • Best practices
  • FAQ & Troubleshooting
  • CLI
  • References
  1. Home
  2. Tools

    This section explains how to use additional tools provided with HCL AppScan Standard.

  3. PowerTools

    AppScan offers access to five utilities (PowerTools), each providing a specific feature to help you manage your application security or to help you use AppScan.

  4. Authentication Tester

    The Authentication Tester PowerTool is a testing utility that uses the "brute-force" technique to reveal weak username-password combinations that could be used to gain access to your web application. (A brute force attack is an automated process of trial and error used to guess authentication credentials, causing a server to acknowledge an imposter as a legitimate user.)

  5. Advanced configuration
  6. Credential Generation tab
  • Welcome

    Welcome to the documentation for HCL AppScan Standard version 10.7.0

  • Getting started

    This section provides a short tour of basic product features and procedures, including using the wizard to set up a scan.

  • Configuration

    You configure a scan by choosing settings that best describe your application, and the kind of testing you want.

  • Manual exploring

    Manual exploring enables you to explore specific parts of your application, filling in fields and forms as you go. This can be a way of ensuring that particular areas of the site are covered, and that AppScan has the information needed to complete forms correctly.

  • Scanning

    Learn how to start a scan, and what happens during the scan; how to manually manipulate the Explore stage, and how to export the results of a scan.

  • Data

    Data view is populated with information about the structure of the site during the Explore stage of the scan.

  • Issues

    Issues view provides access to the results of a scan. You can view results at a high level or select specific tests or objects and access more details. These details include how to fix, requests/responses, and differences between the test variants that resulted in issues. You can manipulate the severity of issues, resend tests (with or without modifications), and create reports based on Issues.

  • Reports
  • Tools

    This section explains how to use additional tools provided with HCL AppScan Standard.

    • Options dialog box

      This section describes options you can control, to customize AppScan, from the Options dialog box in Tools > Options.

    • Web API Wizard extension

      This extension lets you scan using OpenAPI description files. It is available from Tools > Extensions > Web Services Wizard (OpenAPI), and the extension is enabled by default.

    • Scan Scheduler
    • User-Defined Tests
    • PowerTools

      AppScan offers access to five utilities (PowerTools), each providing a specific feature to help you manage your application security or to help you use AppScan.

      • Authentication Tester

        The Authentication Tester PowerTool is a testing utility that uses the "brute-force" technique to reveal weak username-password combinations that could be used to gain access to your web application. (A brute force attack is an automated process of trial and error used to guess authentication credentials, causing a server to acknowledge an imposter as a legitimate user.)

        • Authentication methods
        • Form authentication
        • HTTP authentication
        • HTTP authentication over form authentication
        • Running authentication tests
        • Scan results
        • Advanced configuration
          • General tab
          • Form Authentication tab
          • Proxy tab
          • Credential Generation tab
            • Credential Generation: Mode area
            • Credential Generation: Configuration area
            • List types
            • Examples of Credential Generation configuration.
            • Deleting an element
      • Connection Test

        The Connection Test PowerTool enables you to ping web sites without using the Ping protocol, which is blocked by many firewalls.

      • Encode/Decode

        The Encode/Decode PowerTool encodes and decodes strings you put into it, to and from the format of your choice.

      • Expression Test

        Writing precise regular expressions can be a tedious trial-and-error process. You can use the Expression Test PowerTool to help accelerate the process.

      • HTTP Request Editor

        The HTTP Request Editor PowerTool enables you to send a fully-controlled HTTP request to your site, to test how your site responds to different kinds of HTTP request.

    • Customizing the Tools menu
    • Extensions
    • Logs

      Logs can help you troubleshooting.

    • Searching Results

      You can filter the Result List in any of the views, for specific data.

  • Integrations

    This section describes integrations of other applications with AppScan Standard:

  • Best practices

    This section contains some best practices and use cases for advanced users.

  • FAQ & Troubleshooting
  • CLI

    This section describes the syntax and options available using the Command line interface.

  • References

    Menus and toolbar summaries, and glossary

Credential Generation tab

The options on this tab enable you to configure the usernames and passwords that Authentication Tester tries during the scan.

It has two areas:

  • Mode: Credential Generation: Mode area
  • Configuration: Credential Generation: Configuration area
  • Credential Generation: Mode area
  • Credential Generation: Configuration area
  • List types
  • Examples of Credential Generation configuration.
  • Deleting an element
  • Share: Email
  • Twitter
  • Disclaimer
  • Privacy
  • Terms of use
  • Cookie Preferences