Conditions

A Condition defines HTTP request parameters and browser actions to be evaluated to determine whether a Test, Action, or Step passes or fails.

Creating a Condition

Step 1

Conditions can be created from the profile page of a Rule. From the Rule's profile page, click on the "New Condition" button.

Step 2

Fill out the "New Condition" form to create your Condition.

Field Description
Title The name of the condition.
Description A brief description of the condition.
Risk The risk or severity of the condition.
Options
Informational
Low
Medium
High

Assertions

Assertions define the HTTP parameters or browser actions that are evaluated for a Condition. Select the item, condition, and value to configure one or multiple Assertions. These are the options to configure an assertion:

Browser Assertion Type

Field Description
Item The Browser/DOM component to be evaluated.

Options
Page Title - The title of the webpage that the browser has visited.
Page URL - The URL of the webpage.
Page HTML - The webpage's HTML/DOM contents.
Condition The condition that the browser item should meet.

Options
Should Equal - item should equal value.
Should Not Equal - item should not equal value.
Should Contain - item should contain value.
Should Not Contain - item should not contain value.
Value The value of the browser component to be evaluated (supports regular expression).

HTTP Request Assertion Type

Field Description
Item The Request item to be checked.

Options
Request Header - Evaluate request header.
Request Cookie - Evaluate request cookie.
Request Body - Evaluate request body.
Response Header - Evaluate response header.
Response Cookie - Evaluate response cookie.
Response Body - Evaluate response body.
Response Code - Evaluate response code.
Condition The condition that the Request item should meet.

Options
Should Equal - item should equal value.
Should Not Equal - item should not equal value.
Should Contain - item should contain value.
Should Not Contain - item should not contain value.
Must Exist - item must exist.
Must Not Exist - item must not exist.
Must Exist and Equal - item must exist and should equal value.
Must Exist and Not Equal - item must exist and should not equal value.
Must Exist and Contain - item must exist and should contain value.
Must Exist and Not Contain - item must exist and should not contain value.
Should Not Contain Multiple - request should not contain multiple occurrences of the item.
Name The name of the header or cookie to be evaluated (supports regular expression).
Value The value of the header or cookie to be evaluated (supports regular expression).

The scope of an assertion can be configured to target specific requests. The following options are available to define the scope of an assertion.

Field Description
Hosts A comma-delimited list of network hosts. Only requests to these hosts will be evaluated for this Assertion. This can be used to ignore irrelevant requests and reduce the time that a step takes.
Examples: example.com, owasp.org, nist.gov
Paths A comma-delimited list of paths. Only requests with paths that contain the values entered will be evaluated for this Assertion. This can be used to ignore irrelevant requests and reduce the time that a step takes.
Examples: /home, /api/vi, /forms/transfer
Method The method used for the HTTP request.
Options: GET, POST, PUT, OPTIONS, DELETE, TRACE, PATCH
Protocol The protocol used for the request.
Options
HTTP
HTTPS
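
The sketch below is an added example, not the product's own code: it models how a scoped HTTP Request assertion on a header could be evaluated, including the difference between the "Should" and "Must Exist and" conditions. Assumptions: an absent header passes "Should" conditions, Equal is a full regular-expression match and Contain is a search, hosts match exactly, and the function names and sample data are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

def in_scope(req, hosts="", paths="", method=None, protocol=None):
    """Scope check: comma-delimited hosts and path fragments, method, protocol."""
    url = urlsplit(req["url"])
    host_list = [h.strip().lower() for h in hosts.split(",") if h.strip()]
    path_list = [p.strip() for p in paths.split(",") if p.strip()]
    if host_list and (url.hostname or "") not in host_list:  # exact match: assumption
        return False
    if path_list and not any(p in url.path for p in path_list):  # "contain", per the page
        return False
    if method and req["method"].upper() != method.upper():
        return False
    return not protocol or url.scheme.upper() == protocol.upper()

def evaluate(headers, name, condition, value=None):
    """Evaluate one header assertion; headers is a list of (name, value) pairs."""
    found = [v for n, v in headers if re.fullmatch(name, n, re.IGNORECASE)]
    if condition == "Must Exist":
        return bool(found)
    if condition == "Must Not Exist":
        return not found
    if condition == "Should Not Contain Multiple":
        return len(found) <= 1
    must = condition.startswith("Must Exist and ")
    op = condition.replace("Must Exist and ", "").replace("Should ", "")
    if not found:
        return not must  # assumption: an absent item only fails "Must Exist and ..." forms
    checks = {
        "Equal": lambda v: re.fullmatch(value, v) is not None,
        "Not Equal": lambda v: re.fullmatch(value, v) is None,
        "Contain": lambda v: re.search(value, v) is not None,
        "Not Contain": lambda v: re.search(value, v) is None,
    }
    return all(checks[op](v) for v in found)

# Constructed sample exchange (not captured from a real site).
REQUEST = {"method": "GET", "url": "https://example.com/home"}
RESPONSE_HEADERS = [
    ("Strict-Transport-Security", "max-age=31536000; includeSubDomains"),
    ("X-Frame-Options", "DENY"), ("X-Frame-Options", "SAMEORIGIN"),  # duplicate header
]

if __name__ == "__main__":
    assert in_scope(REQUEST, hosts="example.com, owasp.org", paths="/home", protocol="HTTPS")
    for args in [("Strict-Transport-Security", "Must Exist and Contain", r"max-age=\d+"),
                 ("Content-Security-Policy", "Should Contain", "default-src"),
                 ("X-Frame-Options", "Should Not Contain Multiple")]:
        print(args[:2], "->", "pass" if evaluate(RESPONSE_HEADERS, *args) else "fail")
```

Under these assumptions, a security header that must be present should be checked with a "Must Exist and" condition, since the "Should" form does not flag a missing header.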

Payloads

Payloads allow you to test with sets of values: request components are replayed with the configured request components replaced by each payload value. This occurs during a Run for HTTP Request Steps.

Adding payloads

Payloads can be added from the Condition form. A payload can be added by clicking the "Add Payload" button.

Fill in the payload name and a list of payload values.

NOTE: Add the respective Rule to the Test, Action, or Step that you would like to run.

Then, create a Step and add placeholders in the locations that you would like the payload values to go. The format for a Payload placeholder begins with "$PAYLOAD:", followed by the Payload name, then followed by another "$" character to encapsulate the placeholder:

$PAYLOAD:PAYLOAD_NAME$


After running the Test, Action, or Step containing the Payload placeholder, you should see a request for each value from the Condition's Payload value list.
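
The following added example (not the product's own code) models the placeholder expansion described above: it finds `$PAYLOAD:NAME$` tokens in a step's fields and produces one request per payload value. The step layout, function names and sample values are assumptions constructed for illustration, and the sketch handles one payload name per step because the page does not describe how several payloads combine.

```python
import re

# Matches $PAYLOAD:NAME$ and captures NAME.
PLACEHOLDER = re.compile(r"\$PAYLOAD:([^$]+)\$")

def placeholder_names(step):
    """Return the set of payload names referenced in any field of a step."""
    return {name for field in step.values() for name in PLACEHOLDER.findall(field)}

def expand(step, payloads):
    """Return one concrete request per payload value, in list order."""
    names = placeholder_names(step)
    if len(names) != 1:
        # The page does not say how several payloads in one step combine.
        raise ValueError(f"expected exactly one payload name, found {sorted(names)}")
    (name,) = names
    if name not in payloads:
        raise KeyError(f"no payload named {name!r} on the Condition")
    token = f"$PAYLOAD:{name}$"
    return [{k: v.replace(token, value) for k, v in step.items()}
            for value in payloads[name]]

# Constructed sample step and payload list.
STEP = {
    "method": "POST",
    "url": "https://example.com/forms/transfer?lang=$PAYLOAD:LANG$",
    "body": "lang=$PAYLOAD:LANG$&amount=10",
}
PAYLOADS = {"LANG": ["en", "fr", "de"]}

if __name__ == "__main__":
    for req in expand(STEP, PAYLOADS):
        print(req["method"], req["url"], req["body"])
```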

Disabling Conditions

Disabling a Condition means that the Condition will not be evaluated when a test is Run. The condition will be "skipped".

Conditions can be disabled by clicking the "Disable" button on the Condition profile page.

Conditions can also be disabled by selecting the "Disable" option from a Condition's dropdown option on its Rule profile page.

Re-enabling Conditions can be done by clicking the same button and dropdown above. The button and dropdown will be labeled with "Enable" while the Condition is disabled.
