I have a question regarding a problem which i am facing with IBM Rational Appscan, specially in case of insession detection. so here the actual scenario for the particular web application which i am testing. The app has a basic html login page from where you need to choose appropriate page to load and according to that use the credentials provided. so once we do this you will be redirected you to the secure site of that particular page(consider it is wire transfers panel). But what happened lately is i recorded the login sequence and appscan is able to login and logout but it is not scanning the page which is what i said earlier as wire transfer pane. but it scans through out the login page which is actually out of scope.
then i did those login pages URL's in to exclude list but still same thing is happening, appscan continues to scan but does not find anything and after an hour of scan it just stops scanning saying it has detected out of scan.
victorgrant replied
389 weeks ago