Topic
IC4NOTICE: developerWorks Community will be offline May 29-30, 2015 while we upgrade to the latest version of IBM Connections. For more information, read our upgrade FAQ.
3 replies Latest Post - ‏2013-05-30T21:20:11Z by misty005
Ed_Grigoleit
Ed_Grigoleit
54 Posts
ACCEPTED ANSWER

Pinned topic Appscan SE 8.6.0.1 Misc Questions

‏2013-02-02T16:25:55Z |
We are just starting to use Appscan SE 8.6.0.1 (Appscan 8.5.0.1 is still installed on our desktops, and will stay there so we can access archived scans).

We never perform full scans, always scanning an application in chunks using Manual Explores. The test count at the end of an explore has always been important to us, as it is an indication of how big the scan file will be, and how long the scan will take. Based on this count, we may decide to re-explore, or look to make other configuration changes. It also gave a better indication of scan progress than just a progress bar while a scan was running, or if it stops mid-scan. Appscan 8.6 no longer displays the test count. Is this a configuration setting that can be turned on? If not, is there another measure we can use to estimate scan size? (e.g., An application I was testing with 8.6 went down in the middle of a scan, but I cannot tell what percentage of the scan is complete based on any of the metrics on the screen. There is a count called test elements, but don't know how to interpret that.)
I managed to get Traffic Viewer working (I know this is not a supported product) by changing the location of the Traffic Log file in the options setting. Will I have to change this each time I switch between 8.5 and 8.6?

Traffic Viewer does not show the request time when capturing traffic for Appscan 8.6 scans. Is this a configuration issue, or a defect. Are there any known problems in using Traffic Viewer with Appscan 8.6?

Thanks,
EdG
Updated on 2013-02-09T00:41:55Z at 2013-02-09T00:41:55Z by SystemAdmin
  • warrenm1
    warrenm1
    224 Posts
    ACCEPTED ANSWER

    Re: Appscan SE 8.6.0.1 Misc Questions

    ‏2013-02-07T21:13:51Z  in response to Ed_Grigoleit
    Hi Ed,

    Answers inline:
    We are just starting to use Appscan SE 8.6.0.1 (Appscan 8.5.0.1 is still installed on our desktops, and will stay there so we can access archived scans).
    We never perform full scans, always scanning an application in chunks using Manual Explores. The test count at the end of an explore has always been important to us, as it is an indication of how big the scan file will be, and how long the scan will take. Based on this count, we may decide to re-explore, or look to make other configuration changes. It also gave a better indication of scan progress than just a progress bar while a scan was running, or if it stops mid-scan. Appscan 8.6 no longer displays the test count. Is this a configuration setting that can be turned on?
    If not, is there another measure we can use to estimate scan size? (e.g., An application I was testing with 8.6 went down in the middle of a scan, but I cannot tell what percentage of the scan is complete based on any of the metrics on the screen. There is a count called test elements, but don't know how to interpret that.)

    You are correct, the test metrics have changed in 8.6, the new metrics more closely reflect the counts you would see in Appscan Enterprise. It now uses Visited Pages (instead of URL based) think of this as a normalized count of the urls. Tested Elements is now a count of the # of elements to be tested as opposed to the total # of security tests sent/to be sent. The closest thing to what 8.5 had would be the HTTP Requests sent, this includes the # of requests total sent including explore, broken, in session, login, tests. Usually the Tests represent the vast majority of this # and if you assume on average a security test has 2 requests it can give you a rough #. I believe there may already be an RFE logged to add something closer to the original as you are not the first to inquire.
    I managed to get Traffic Viewer working (I know this is not a supported product) by changing the location of the Traffic Log file in the options setting. Will I have to change this each time I switch between 8.5 and 8.6?

    8.5 used a global folder to store logs, 8.6 uses on in the users application data, the new model has the benefit of avoiding issues with multiple users writing to the same file at the same time which can cause a variety of issues. If you prefer you could set the default in both Appscan Standard and enterprise to point to a similar folder.

    Traffic Viewer does not show the request time when capturing traffic for Appscan 8.6 scans. Is this a configuration issue, or a defect. Are there any known problems in using Traffic Viewer with Appscan 8.6?

    Use the AppscanandPolicyTester.xml profile, the Appscan Standard traffic log is now in the same format as the Appscan Enterprise log, you will see the extra columns. From what I understand the next version of traffic viewer will have a profile specifically for >=8.6

    Hope this helps,
  • SystemAdmin
    SystemAdmin
    403 Posts
    ACCEPTED ANSWER

    Re: Appscan SE 8.6.0.1 Misc Questions

    ‏2013-02-09T00:41:55Z  in response to Ed_Grigoleit
    You are not getting the time stamps because the Parser Profile is not set to the version of AppScan the logs came from.

    Go to File/Import/Parser Profile and set it to the 8.6 with the first option
    or older version with the second option.