Application settings: General

To access this feature, click Edit > Application Settings and then select General.

General

The General options are described in the following table.

Option	Description
Enable Active Content in Browser Views	Select this option to allow execution of JavaScript and other dynamic content in all browser windows within OpenText DAST. For example, one OpenText DAST attack tests for cross-site scripting by attempting to embed a script in a dynamically generated Web page. That script instructs the server to display an alert containing the number "76712." If active content is enabled and if the attack is successful (i.e., cross-site scripting is possible), then selecting the vulnerable session and clicking on Web Browser in the Session Info panel will execute the script and display the following: Note: If you initiate or open a scan while this option is disabled, and you then enable this option, the browser will not execute the active content until you close and then reopen the scan.
Enable Diagnostic File Creation	If the OpenText DAST application should ever fail, this option forces OpenText DAST to create a file containing data that was stored in main memory at the time of failure. You can then provide the file to OpenText support personnel. If you select this option, you may also specify how many diagnostic files should be retained. When the number of files exceeds this limit, the oldest file will be deleted.
Reset "Don't Show Me Again" messages	By default, OpenText DAST displays various prompts and dialog boxes to remind you of certain consequences that may occur as a result of an action you take. These dialog boxes contain a check box labeled "Don't show me again." If you select that option, OpenText DAST discontinues displaying those messages. You can force OpenText DAST to resume displaying those messages if you click Reset "Don't Show Me Again" messages.
Use Seven Pernicious Kingdom (7PK) Taxonomy	This option enables you to select The Seven Pernicious Kingdoms taxonomy for ordering and organizing the reported vulnerabilities. Seven Pernicious Kingdoms (7PK) is a taxonomy of software security errors developed by the OpenText Software Security Research Group together with Dr. Gary McGraw. Each vulnerability category is accompanied by a detailed description of the issue with references to original sources and code excerpts, where applicable, to better illustrate the problem. The organization of the classification scheme is described with the help of terminology borrowed from biology: vulnerability categories are referred to as phyla, while collections of vulnerability categories that share the same theme are referred to as kingdoms. Vulnerability phyla are classified into pernicious kingdoms presented in the order of importance to software security. The seven kingdoms are: Input Validation and Representation API Abuse Security Features Time and State Errors Code Quality Encapsulation * Environment The first seven kingdoms are associated with security defects in source code, while the last one describes security issues outside the actual code. The primary goal of defining this taxonomy is to organize sets of security rules that can be used to help software developers understand the kinds of errors that have an impact on security. By better understanding how systems fail, developers will better analyze the systems they create, more readily identify and address security problems when they see them, and generally avoid repeating the same mistakes in the future. For more information, see https://vulncat.fortify.com/. You might want to use the Seven Pernicious Kingdoms taxonomy if you are integrating OpenText DAST with other OpenText Fortify products as it provides for a unified taxonomy.
Use OpenSSL Engine	By default, OpenText DAST uses this option. The OpenSSL engine provides support for websites that require use of the TLS 1.3 security protocol. OpenSSL is backwards compatible with previous versions of the TLS protocol. If this option is enabled, the SSL/TLS Protocols options are disabled in Scan settings: Method. You cannot select individual protocols for a scan.
Enable HTTP/2 Support	Use this option if your website supports the HTTP/2 protocol only and you experience issues using the HTTP/1 protocol.
Use Composite Scan Settings	Composite settings consist of a JSON version of the scan settings packaged in a ZIP file with any binary files required for the scan, such as macros, client certificates, custom policies, and so forth. OpenText ScanCentral DAST uses composite settings. By default, OpenText DAST uses XML settings. Selecting this option enables OpenText DAST to create and use composite settings that are ready to import and use in OpenText ScanCentral DAST without conversion. You cannot convert XML settings into composite settings in the OpenText DAST UI. You must use the OpenText DAST API endpoint `configuration/scansettings/convert` or import the settings into OpenText ScanCentral DAST for automatic conversion. Additionally, when saving a settings file from a scan that was conducted using XML settings, the file is saved in the XML format even if the Use Composite Scan Settings option is enabled. Important! If you enable this option, only ZIP settings will be accessible in OpenText DAST for configuration purposes. To access XML settings, you must disable this option.

OpenText DAST Agent

The OpenText DAST Agent options are described in the following table.

Option	Description
Use WebInspect Agent information when encountered on target site	If this option is selected and OpenText DAST detects that OpenText DAST Agent is installed on a target server, it will incorporate OpenText DAST Agent information to improve overall scan efficiency. A notation on the OpenText DAST dashboard indicates whether or not OpenText DAST Agent has been detected.
Automatically group by duplicate vulnerabilities in vulnerability window	If this option is selected and OpenText DAST Agent information is used (above setting), then vulnerabilities listed on the Findings tab in the Summary pane will be grouped by check and then by equivalent vulnerabilities.
Allow WebInspect Agent to suggest attack strategy	If this option is selected and OpenText DAST information is used (see Use WebInspect Agent Information When Encountered on Target Site above), the agent operates in an active mode and can suggest attack strategies to OpenText DAST to improve accuracy and performance. To use this feature, you must be using the Seven Pernicious Kingdoms taxonomy.

Option

Description

Use WebInspect Agent information when encountered on target site

If this option is selected and OpenText DAST detects that OpenText DAST Agent is installed on a target server, it will incorporate OpenText DAST Agent information to improve overall scan efficiency.

A notation on the OpenText DAST dashboard indicates whether or not OpenText DAST Agent has been detected.

Automatically group by duplicate vulnerabilities in vulnerability window

If this option is selected and OpenText DAST Agent information is used (above setting), then vulnerabilities listed on the Findings tab in the Summary pane will be grouped by check and then by equivalent vulnerabilities.

Allow WebInspect Agent to suggest attack strategy

If this option is selected and OpenText DAST information is used (see Use WebInspect Agent Information When Encountered on Target Site above), the agent operates in an active mode and can suggest attack strategies to OpenText DAST to improve accuracy and performance. To use this feature, you must be using the Seven Pernicious Kingdoms taxonomy.

See also

Application settings: Database

Application settings: Directories

Application settings: License

Application settings: Logging

Application settings: OpenText ALM

Application settings: override SQL database settings

Application settings: Proxy

Application settings: Reports

Application settings: Run as a Sensor

Application settings: Server Profiler

Application settings: Smart Update

Application settings: Step Mode

Application settings: Support Channel

Application settings: Two-Factor Authentication