Parameters Training

During a scan, AppSpider may encounter forms made up of input controls like text areas, dropdowns, and checkboxes. AppSpider will attempt to fill these forms using test data and submit them in order to explore the functionality of the web application. The values from the input controls are sent to the web application as request parameters. Some forms may have fields that AppSpider does not know how to fill. For example, your website may be in a language for which AppSpider does not have any test data or there may be a disclaimer that you need to accept before submitting the form. You can train AppSpider on how to enter data in these fields.

The Parameters Training screen has two tabs: Simple and Advanced.

Simple Tab

The Simple tab has a table with three columns: Parameter, Value, and Match Criteria. You can set the text in the field as the Parameter, the value you would like to enter as the Value, and use the Match Criteria field to specify whether AppSpider should match the Parameter with the text in your web application as a literal string, wildcard, or regular expression.

Advanced Tab

The Advanced tab contains the following elements:

  • Pattern - A descriptive name of this pattern. For example, "Last name".
  • Language - The language of the web application for which this pattern should be applied. You may need to create different patterns for web pages in different languages.
  • Text Match - The string that should match the text in the input control for this pattern to be applied.
  • Match Type - Decides whether AppSpider will match the Text Match string with the input control as a literal string, a wildcard, or a regular expression.
  • Control Types - The types of input controls such as radio buttons, checkboxes, and text areas, where this pattern can be applied.
  • Value Match - The input control may have a number of values from which one can be selected. For example, checkboxes may use the value of 1 for selected and 0 for unselected. If any value of the input matches the Value Match regular expression, then AppSpider will select that value for the input control.
  • Value - AppSpider will enter this value if the input control allows the entry or selection of a literal value.

To modify parameter data, select a row in the Parameters table, modify the data in the Parameter area at the bottom of the panel, and select the checkboxes for the applicable control types.