Configuring scan details for API and web service scans

You can launch the Web Service Test Designer or configure additional settings for the scan in the Detailed Scan Configuration page of the API Scan Wizard.

Launching the Web Service Test Designer

If you are configuring a web service scan, you might want to launch the Web Service Test Designer to confirm that the intended behavior of the imported WSD or WSDL file is correct.

To launch the Web Service Test Designer:

  1. Click Design.

    The Web Service Test Designer opens, with the imported WSDL in view.

  2. Edit the file as needed.

    For more information, see the Web Service Test Designer Help or the OpenTextâ„¢ Dynamic Application Security Testing Tools Guide.

  3. In the Web Service Test Designer, save the WSD file.

  4. Proceed to Configuring additional settings for API and web service scans.

Configuring additional settings for API and web service scans

Optionally, you may select or configure additional settings in the Settings section as described in the following table.

If you want to... Then...
Use the stand-alone proxy server

Select Launch and Direct Traffic through Web Proxy.

Note: This option is not available if you are scheduling a scan.
Capture and display every HTTP request sent by OpenText DAST during the scan Select Enable Traffic Monitor.

Import suppressed findings from existing scans

  1. Select Import Suppressed Findings.

  2. Click select scans.

    The Select a Scan to Import Suppressed Findings dialog opens.

  3. Select one or more scans containing suppressed findings from the same site you are now scanning.

  4. Click OK.

Import suppressed findings from suppressed findings files

  1. Select Import Suppressed Findings.

  2. Click select file.

    A standard Windows file selection dialog box opens.

  3. Select the file to import, and then click Open.

  4. Optionally, repeat Steps 1 and 2 to select additional files.
Add allowed hosts

  1. In the Add Allowed Hosts section, click Add.

  2. On the Specify Allowed Host dialog box, enter a URL (or a regular expression representing a URL).

    Note: When specifying the URL, do not include the protocol designator (such as http:// or https://).

  3. If you entered a regular expression for the allowed host, select Use Regular Expression.

    Tip: For assistance creating a regular expression, click  (to the right of the Allowed Host box).

  4. Click OK.

    The URL is added to the Allowed Hosts list.

What's next?

To save the settings, run the scan, or schedule the scan, click Next and proceed with Saving settings or starting the API scan .