Using macros
A macro is a recording of the events that occur when you access and log in to a website. You can subsequently instruct OpenText DAST to begin a scan using this recording. You can use either the Session-based Web Macro Recorder tool or the Event-based Web Macro Recorder tool to record login macros, or you can create them in the Basic Scan or Guided Scan wizards. Macros that are created in a Basic Scan or a Guided Scan can be used in either type of scan.
There are two types of macros:
- A login macro is a recording of the events that occur when you access and log in to a website using a Web Macro Recorder tool. You can subsequently instruct OpenText DAST to begin a scan using this recording.
  If Enable macro validation is selected in Scan Settings: Authentication for scans that use a login macro, OpenText DAST tests the login macro at the start of the scan to ensure that the login is successful. If the macro is invalid and fails to log in to the application, the scan stops and an error message is written in the scan log file. For more information and troubleshooting tips, see Testing login macros.
  Note: Macro testing is not supported for macros containing two-factor authentication.
- A workflow macro is a recording of HTTP events that occur as you navigate through a website using a Web Macro Recorder tool. OpenText DAST audits only those URLs included in the macro that you previously recorded and does not follow any hyperlinks encountered during the audit. Supported macros are .webmacro files, Burp Proxy captures, and .har files.
Any activity you record in a macro will override the scan settings. For example, if you specify a URL in the Excluded URL setting, and then you actually navigate to that URL when creating a macro, OpenText DAST will ignore the exclusion when it crawls and audits the site.
Note: When you play a macro, OpenText DAST will not send any cookie headers that may have been incorporated in the recorded macro. Macros that were recorded in a Basic Scan or a Guided Scan can be used in either type of scan.
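The override described above can be checked before a scan starts. The following is an added example, not OpenText code: it reads a .har workflow recording and lists recorded requests that match URLs you meant to exclude, along with requests whose recorded Cookie header will not be sent on playback. The sample capture, the exclusion patterns, and the use of regular expressions for matching are assumptions made for illustration.

```python
import json
import re

# Constructed sample HAR (HTTP Archive) capture; hosts and paths are made up.
SAMPLE_HAR = json.dumps({"log": {"version": "1.2", "entries": [
    {"request": {"method": "GET", "url": "https://app.example.test/account",
                 "headers": [{"name": "Cookie", "value": "sid=abc123"}]}},
    {"request": {"method": "POST", "url": "https://app.example.test/admin/delete-user",
                 "headers": [{"name": "Content-Type",
                              "value": "application/x-www-form-urlencoded"}]}},
    {"request": {"method": "GET", "url": "https://app.example.test/logout",
                 "headers": [{"name": "cookie", "value": "sid=abc123"}]}},
]}})


def review_har(har_text, excluded_patterns):
    """Return (overridden, with_cookies) for a HAR workflow recording.

    overridden   -- (method, url, pattern) for each recorded request that
                    matches an exclusion and would be audited despite it
    with_cookies -- URLs whose recorded request carries a Cookie header,
                    which is not sent when the macro is played
    """
    # Assumption: exclusions are modelled as regular expressions searched
    # against the full URL; this is not the product's own matching rule.
    compiled = [re.compile(p) for p in excluded_patterns]
    overridden, with_cookies = [], []
    for entry in json.loads(har_text)["log"]["entries"]:
        req = entry["request"]
        url = req["url"]
        for rx in compiled:
            if rx.search(url):
                overridden.append((req["method"], url, rx.pattern))
                break
        # HTTP header names are case-insensitive, so compare in lower case.
        if any(h["name"].lower() == "cookie" for h in req.get("headers", [])):
            with_cookies.append(url)
    return overridden, with_cookies


if __name__ == "__main__":
    # Hypothetical exclusions mirroring what a tester might put in Excluded URL.
    hits, cookies = review_har(SAMPLE_HAR, [r"/logout$", r"/admin/delete-"])
    for method, url, pattern in hits:
        print(f"recorded despite exclusion {pattern!r}: {method} {url}")
    for url in cookies:
        print(f"recorded Cookie header will not be replayed: {url}")
```

Any request it reports as recorded despite an exclusion should be removed by re-recording the macro, since the scan setting alone will not keep that URL out of the audit.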