Hi, I've been using WAS for a couple of days now to scan a small number of fairly complex web applications and I've not yet shared access to WAS with my developers or colleagues, but already I'm facing management issues. I've defined two Web Applications, two profiles, four security records, four Selenium login scripts, and I've got a couple of dozen reports. There's much more to come.
How does one manage this mess? What did the Selenium login script look like when that report was run? What did the post black list regex look like? Why did it trigger here but not there?
What I'm looking for is some sort of XML export of the settings used for each scan, which I could manage in GitHub or whatever. I could then compare and contrast various tests, and more importantly audit them for completeness according to my (evolving) standards.
How could this be workable if I did enable my colleagues to change things as well as me?