Importing Functional Testing files in a Guided Scan

If you have the OpenText™ Functional Testing application installed, OpenText DAST detects it and enables you to import a functional testing file (.usr) into your workflow scan to enhance the thoroughness and attack surface of your scan. For more information, see Functional Testing on the OpenText website.

To import a functional testing (.usr) file into an OpenText DAST Guided Scan:

  1. Launch a Guided Scan, and then select Workflows Scan as the Scan Type. Additional text appears under the Workflows scan option:

    OpenText Functional Testing has been detected. You can import scripts to improve the thoroughness of your security test.

  2. Click the Next button.

  3. In the Authentication section, Application Authentication is automatically selected. Complete the fields as indicated.

  4. On the Manage Workflows screen, click Import. The Import Scripts dialog box appears. On the Import Scripts dialog box, you may:

    • Type the filename.

    • Browse to your file by clicking to locate your file with a .usr extension. Select VuGen script file from the drop-down file type, and then navigate to the file.

    • Click Edit to launch the OpenText Functional Testing application.

  5. (Optional) On the Import Scripts dialog box, you may select either of the following options:

    • Show OpenText Functional Testing UI during import

    • Open script result after import

  6. Select the file to import, and then click Import. After your file is successfully imported, the file appears in the Workflows table.

  7. Select one of the following from the Workflows table:

    • Record - launches the Web Macro Recorder. For more information, see the Web Macro Recorder chapters in the OpenText™ Dynamic Application Security Testing Tools Guide.

    • Edit - enables you to modify the file using the Web Macro Recorder. See the Web Macro Recorder chapters in the OpenText™ Dynamic Application Security Testing Tools Guide.

    • Delete - deletes the script from the Workflows table.

    • Import - imports another file.

    • Export - saves a file in .webmacro format with the name and location you specify

  8. Click the Next button.

    When the first .usr script file is added to the list, its name (or default name) appears in the Workflows table and an Allowed Hosts table is added to the pane.

    Adding another .usr script file can add more allowed hosts. Any host that is enabled is available to all the listed workflow .usr script files, not just the workflow.usr file for which it was added. The Guided Scan will play all the listed workflow files and make requests to all the listed allowed hosts, whether or not their check boxes are selected. If a check box for an allowed host is selected, OpenText DAST will crawl or audit the responses from that host. If a check box is not selected, OpenText DAST will not crawl or audit the responses from that host. In addition, if a particular workflow .usr script uses parameters, a Macro Parameters table is displayed when that workflow macro is selected in the list. Edit the values of the parameters as needed.

  9. After you have completed changes or additions to the Workflows table, proceed in the Guided Scan wizard to complete your settings and run the scan. For more information about recording a new login macro or using an existing login macro, see the Web Macro Recorder chapters in the OpenText™ Dynamic Application Security Testing Tools Guide.