Security vulnerabilities testing by using HCL® AppScan

You can use HCL® AppScan to scan all HTTP traffic that is generated as part of integration testing in HCL OneTest API for security vulnerabilities.

Prerequisites

Before you use HCL® AppScan to scan the HTTP traffic to and from HCL OneTest API, you must consider the following prerequisites:
  • You must have installed a licensed version of HCL® AppScan Enterprise or HCL® AppScan Standard edition. Visit the AppScan family of products page to select your product and version to view the documentation. You can refer to the documentation for the installation instructions for the HCL® AppScan version that you want to use.
  • You must be familiar with configuring and using HCL® AppScan to scan applications or web services for security vulnerabilities.

Overview of tasks

You can find the tasks that you can perform for scanning the HTTP traffic to and fromHCL OneTest API in the following table:
Task
1. Install HCL® AppScan or the HCL® AppScan Dynamic Analysis Client.
2. Set up HCL OneTest API as the application to scan, in the HCL® AppScan server or the HCL® AppScan Dynamic Analysis Client.
You can use any of the following methods to set up the application:
  • Login Management
  • Manual Explore
  • External Traffic Recorder
Refer to the AppScan documentation for the details on these methods in the version of AppScan that you want to use.
3. Start HCL OneTest API from the command line. See Starting HCL OneTest API from the command line.
4. Verify if the HTTP traffic to and fromHCL OneTest API is scanned by HCL® AppScan by creating a project, setting up a physical transport, and creating tests to send and receive messages in HCL OneTest API. After you run the tests, you can view the scan reports in HCL® AppScan.