SystemAdmin

Caching JavaScript during manual (no-spider) scans?

2013-02-06T19:37:32Z
Greetings --

Is it possible to have AppScan cache JavaScript files that are captured during a manually recorded scan? We sometimes will do manual scans to test out small snippets of functionality (and when we're unsure the auto-spider will navigate the application correctly). In some applications, we've identified 20 different JavaScript files getting loaded on each request. Each time it does this, a delay of 2-3 seconds is observed. If caching static JavaScript files is not possible during manually recorded scans, what is the potential impact of the other solutions:

(1) Manually removing the duplicate JavaScript files from the recorded scan. It seems like this could impact AppScan's ability to discover XSS vulnerabilities. If we could do this without negatively impacting the scan results or reducing the likelihood of vulnerability discovery, this would be a great option.

(2) I know the option to "Test URLs as an ordered sequence (multi-step operation)" is necessary for multi-step application logic (e.g. multi-step forms). However, is there any impact to not having this enabled if no multi-step application logic exists? Specifically, I just wanted to confirm that if a page is requested during a manual scan, any JavaScript files that page includes would also be loaded (regardless of whether the manually recorded events are configured to execute as an ordered sequence).

Any insight would be very much appreciated.