Parameters, cookies & headers
Identify session IDs and list parameters to exclude from the scan.
- Exclude specific parameters, cookies and headers from being tested during scans
- Control the default treatment of parameters and cookies ("redundancy tuning")
- Define parameters, cookies and headers that have a special format which AppScan might not recognize on its own
- Define custom headers
Setting |
Description |
See |
---|---|---|
Parameters and Cookies tab |
Lets you view, add, edit and delete global parameters that require non-default treatment. For example, your application may have parameters, cookies or headers whose values you do not want AppScan® to manipulate during tests. To make sure that AppScan does not change these parameters and cookies, exclude them from tests. For example, your application might lock a user session if certain cookie or parameter values are changed. You should exclude these parameters from manipulation. If you do not exclude them, AppScan may not be able to successfully complete the scan, as these cookies will lock AppScan out of the application. During the Explore stage, AppScan® automatically detects cookies and HTML parameters that are likely to be session IDs and adds them to the list in this tab. You can manually add cookies, parameters and headers that you know to be session IDs. The columns in this tab are defined in the table below. Note: The Hide/Show template items button
lets you filter out items that originated in the scan template, which
may not be relevant to the current scan. |
|
Custom Parameters tab |
Lets you add, edit and delete parameters with a custom format that AppScan might not otherwise recognize as such. |
|
Custom Headers tab |
Lets you define non-standard (custom) HTTP header formats. AppScan® must be able to identify parameters in response content and correctly add them to headers it sends to the site, in order to be able to test the site effectively. |
|
Redundancy Tuning Defaults |
This link (at the bottom of the Parameters and Cookies tab) lets you access and edit the default redundancy tuning applied to all parameters, whether discovered by AppScan® or defined by the user. Note: Changing the specific redundancy
tuning of an individual parameter is done as part of Parameters, cookies and headers definition Changes to the defaults are not applied retroactively to parameters that have already been defined. This must be done manually for each parameter. |
Parameters and Cookies tab fields
The following table summarizes the fields in this tab.Heading |
Options and description |
---|---|
Type |
Parameter | cookie | custom parameter | header |
Name |
|
Tracking |
How to track this parameter or cookie:
|
Test Exclude |
Defines whether or not to exclude this parameter/cookie/header from testing during the Test stage of the scan. |
Redundancy Tuning |
|
Source |
Shows from where AppScan obtained this item:
|