Predefined Test Policies
The Policy Files pane at the lower left of the Test Policy view lets you select one of the recently used policies, or
one of the predefined ones. The predefined policies provide a range of useful policies for common requirements.
| Policy Name | Description |
|---|---|
| Default | Includes all tests except invasive and port listener tests. |
| Application-Only | Includes all application level tests except invasive and port listener tests. |
| Infrastructure-Only | Includes all infrastructure level tests except invasive and port listener tests. |
| Invasive | Includes all invasive tests (tests that might affect the server's stability). |
| Complete | Includes all AppScan tests. |
| Web Services | Includes all SOAP related tests except invasive and port listener tests. |
| The Vital Few | Includes a selection of tests that have a high probability of success. This can be useful for evaluating a site when time is limited. |
| Developer Essentials | Includes a selection of application tests that have a high probability of success. This can be useful for evaluating a site when time is limited. |

Editing a Test Policy
You can make your own adjustments to the current Test Policy by adding or deleting tests. You can also export the
configuration as a user-defined test policy for future use.
To edit a Test Policy:
- In the Scan Configuration dialog box, click Test Policy (or select Scan Configuration Wizard > Test Policy). The upper area lists all of the IBM® Rational® AppScan® tests, and indicates which are included in the current scan (check box selected).
- Include and exclude tests or variants by selecting or clearing the check box(es). (To view individual variants, click the + icon next to a test Name.)
- For each test, Name, Severity, Type, Invasiveness, and Threat Class are shown. You can Sort tests by any of these fields by clicking the column header.
- The Search facility lets you search for tests using free text search. Type the text into the Look for field, and click Find Now.
- In the Information field at the top left of the dialog box, you can edit the description field by typing in text.
- New tests are continually being added to AppScan's database of tests. By default, all new tests except Invasive tests are added to all user-defined test policies. However, you can define which groups in your policy will be updated:
  - Click Update Settings, select or clear check boxes in the Test Policy Update Settings dialog box as required, then click OK.
  - The dialog box contains three groups: Test Type, Test Invasiveness, and Test Severity. Only the tests that belong to a selected category in all three groups will be added to the current policy, when new tests are added to your AppScan database of tests.
  - For example, if you select High Severity, but clear Invasive, high severity, invasive tests will not be added to this policy when updates become available.
- You can optionally give the scan a name and save it for future use (click Export, and save it in .policy format).
- Click OK to save the changes to the current Test Policy.
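
The following Python model is an added example, not part of the AppScan documentation or product code. It works through the Update Settings rule from the steps above (a new test is added only when its category is selected in all three groups) and reports which group kept each skipped test out. The category labels other than High and Invasive, and all test names, are assumptions constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class NewTest:
    name: str          # constructed test name, not from AppScan's database
    test_type: str     # assumed labels: "Application" or "Infrastructure"
    invasiveness: str  # assumed labels: "Invasive" or "Non-invasive"
    severity: str      # assumed labels: "High", "Medium", "Low", "Informational"

@dataclass(frozen=True)
class UpdateSettings:
    test_types: frozenset    # categories selected in the Test Type group
    invasiveness: frozenset  # categories selected in the Test Invasiveness group
    severities: frozenset    # categories selected in the Test Severity group

def blocking_groups(test, settings):
    """Return the groups whose selection excludes this test (empty list = added)."""
    checks = [
        ("Test Type", test.test_type, settings.test_types),
        ("Test Invasiveness", test.invasiveness, settings.invasiveness),
        ("Test Severity", test.severity, settings.severities),
    ]
    return [group for group, value, selected in checks if value not in selected]

def apply_update(new_tests, settings):
    """Split an update batch into tests added to the policy and tests skipped."""
    added, skipped = [], {}
    for test in new_tests:
        blocked = blocking_groups(test, settings)
        if blocked:
            skipped[test.name] = blocked
        else:
            added.append(test.name)
    return added, skipped

# Constructed sample: High Severity selected, Invasive cleared.
SETTINGS = UpdateSettings(
    test_types=frozenset({"Application", "Infrastructure"}),
    invasiveness=frozenset({"Non-invasive"}),
    severities=frozenset({"High"}),
)
BATCH = [
    NewTest("sample-high-noninvasive", "Application", "Non-invasive", "High"),
    NewTest("sample-high-invasive", "Application", "Invasive", "High"),
    NewTest("sample-low-invasive", "Infrastructure", "Invasive", "Low"),
]

if __name__ == "__main__":
    print(apply_update(BATCH, SETTINGS))
```
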
Exporting a Test Policy
To export a Test Policy:
- In the Scan Configuration > Test Policy view, edit the policy as required.
- Click Export.
- Type a name for the policy, and click Save. The file is saved as a .policy file.