Pyscan

Coupling AppScan® with the powerful capabilities of Python™ scripts -- one of the most advanced, established, yet easy to learn, scripting languages used by penetration testers -- give users an unprecedented platform for extending security testing. Pyscan is a revolutionary new way to leverage the power of AppScan without the limitations of a user interface. Integrating Python scripting within AppScan's configuration framework produces a level of customization previously unavailable to security professionals and penetration testers. Users can now harness core web application scanning functions, such as the AppScan Advanced Session Management, reporting and scanning engine, to customize a scan for a specific audit.

Python Scripting and AppScan for Targeted, Real-time Penetration Testing
Pyscan leverages the Advanced Session Management of AppScan to establish and maintain login state while enabling Python Scripting via AppScan's engine in order to expose potential web application vulnerabilities. All results are immediately reported in AppScan’s Security Issues view. Users can invoke customized scripted web application attacks that previously were not feasible through manual penetration testing efforts alone. Examples of such scripts include finding suspicious content, scriptable rules, or HTTP fuzzing.