The purpose of "Test Access" is to confirm whether each page can be scanned properly.
After the Handler is set up, perform "Test Access" on all scanning targets and confirm that the scan settings work properly (i.e. the page transition is performed correctly) before running Vex.
* If you run Vex while Test Access is failing, the scan results will be unreliable.
<Procedure of Test Access>
1. Select the "Scenario" tab and click the "Handler" button to view "Handler setting information".
2. Click the red "send" icon of the message on which you want to perform Test Access.
3. After Test Access is completed, the Test Access result is displayed in the right pane.
* By clicking a "function name" on the Test Access result, you can view the details of Request and Response information.
4. View the response information of the Test Access result and confirm whether or not reproduction of the page transition was successful.
Compare the HTML response content with the proxy log response content; if the page's response is returned normally, you can conclude that the page transition was successful.
Ex) An error response when performing Test Access to the "Completion" page
* The error can be confirmed from the failed page transition.
Errors can be checked easily by using "Response Matched Rate" and each "Icon information".
For example, if you use the "Display HTML" icon, "Response information" obtained by Test Access is displayed in the browser.
To determine whether the page transition to the target page was made properly, it is easier to check the response information in the browser than as a character string, because you can check it visually.
※ Response Matched Rate
"Response Matched Rate" indicates how closely the response in the proxy log (the response at normal page transition) matches the response at "Test Access".
In general, the higher the Matched Rate, the higher the possibility that the page transition has been made correctly since the contents returned are closer to the response at the time of a normal page transition.
However, even if the Matched Rate is low, page transitions may be properly performed in some cases.
As a guide, we recommend that you also check each Icon information in combination.
<Check the following when Test Access fails>
1. If there are multiple pages in the page transition, identify the initial page that fails.
Identify the "Pre processor" for the page that initially fails in the page transition, and modify the Handler.
* This procedure is unnecessary if Pre processor is not set for the scanning target message.
If the page transition fails in "Pre processor 1 to 3" after Test Access, that page may be the cause of the Test Access failure on the "Target page".
Check the response contents of "Pre processor 1 to 3", or use the "Display HTML" icon etc., to identify the initial page that failed in the page transition, and fix the "Pre processor" Handler.
2. Is the order of the page transition correct?
Some websites have constraints that depend on their features: for example, there are pages that must be passed through, or pages that cannot be accessed without the correct page transition.
If the page transition lacks some pages, or is out of order, review "Pre processor" and fix them.
If necessary page transitions have not been logged in the proxy log, or the specifications of the website have been modified, you need to record a new proxy log.
If a scanning target site uses Ajax or frames, multiple requests may be submitted for a single page transition.
For example, if the site uses frames like the following, the requests may be logged in the proxy log in the following order.
When frames are used, create a page transition like the following:
3. Has the handover of variable parameter values been performed normally?
Parameter handover may not have been performed normally. If the request includes a one-time token or a parameter that can be used only once, you need to modify the submitted value in the Handler.
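The checks described above under "Response Matched Rate" and "identify the initial page that fails", as an added Python example that is not part of Vex or of this manual: it scores each step of a page transition and reports the first step that failed. The similarity measure (difflib), the title comparison standing in for the visual "Display HTML" check, the 80% threshold and the sample responses are assumptions constructed for illustration; how Vex itself calculates the rate is not stated here.

```python
import difflib
import re

# Assumption: difflib is a stand-in similarity measure, not Vex's own calculation.
def matched_rate(recorded, replayed):
    """Percentage similarity (0-100) between two response bodies."""
    m = difflib.SequenceMatcher(None, recorded, replayed, autojunk=False)
    return round(100.0 * m.ratio(), 1)

def title_of(html):
    """Return the <title> text, or None when the page has no title."""
    found = re.search(r"<title>(.*?)</title>", html, re.I | re.S)
    return found.group(1).strip() if found else None

def check_transition(steps, threshold=80.0):
    """Classify each step; return (report, name of the first failed step)."""
    report, first_failed = [], None
    for name, recorded, replayed in steps:
        rate = matched_rate(recorded, replayed)
        title = title_of(recorded)
        same_page = title is not None and title == title_of(replayed)
        if not same_page:
            status = "failed"   # a different page came back
        elif rate >= threshold:
            status = "ok"
        else:
            status = "review"   # low rate, but the expected page was reached
        if status == "failed" and first_failed is None:
            first_failed = name
        report.append((name, rate, status))
    return report, first_failed

def page(title, body):
    return f"<html><title>{title}</title><body>{body}</body></html>"

# Constructed sample data: (step, proxy log response, Test Access response).
ERROR = page("Error", "<p>Invalid page transition</p>")
STEPS = [
    ("Pre processor 1", page("Login", "<form>...</form>"), page("Login", "<form>...</form>")),
    ("Pre processor 2", page("Input", "x" * 200), page("Input", "y" * 200)),  # dynamic body
    ("Pre processor 3", page("Confirm", "<p>Check your order</p>"), ERROR),
    ("Target page", page("Completion", "<p>Thank you</p>"), ERROR),
]

if __name__ == "__main__":
    report, first_failed = check_transition(STEPS)
    for name, rate, status in report:
        print(f"{name:16} {rate:5.1f}%  {status}")
    print("Fix the Handler for:", first_failed)
```

In the sample, "Pre processor 2" has a low rate but reaches the expected page, while "Pre processor 3" is the first step that returns a different page, so its Handler is the one to fix before looking at the target page.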