
From the Start menu of your computer, open "Programs" and then "Remote Desktop Connection." Enter "weber.uit.tufts.edu" as the computer and then click OK. Next, authenticate by clicking "Use Another Account." Enter TUFTS\ followed by your UTLN. If you receive a message that says "The identity of the remote computer cannot be verified. Do you want to connect anyway?" select "Yes."

On the desktop of the virtual machine, open IBM Rational AppScan and select "Create New Scan" and then "Regular Scan." This will launch the Configuration Wizard. Select "Web Application Scan."

You will be prompted to enter a starting URL. Enter the URL of your application and then check the box that says "Scan only links in and below this directory." NOTE: This step is very important. If you leave this box unchecked, AppScan will not limit itself to your application: it will follow links out to other sites and attempt to scan them as well, in effect trying to scan the entire internet. This will greatly increase the time your scan takes to complete. Please check this box.

Click "Next." If your application requires a log-in, press "Record." This will open your application's URL; navigate to the log-in screen and log in. AppScan will record how you get there and the credentials that you enter. NOTE: NEVER give AppScan administrator credentials. AppScan will open EVERY link in your application. For administrators, this almost always includes a link that will shut down the application. AppScan cannot tell such disable links apart from other links, and it will shut down your application. Please give AppScan a regular user credential. As an extra precaution, if your application is on a virtual machine, take a snapshot of it before running the scan. Also notify anyone else who might be working on the application that it may be disrupted during the scan.

Click "Next." The Test Policy should be either "Default" or "Complete." Default will run most of the security tests that AppScan contains against your application. Complete will run all of AppScan's tests against your application. Try running the Default test policy first. If you don't get many results, run a Complete scan.


Click "Next." Select "Start a Full Automatic Scan" and then select "Finish." You will be prompted to save your scan. Once the scan is saved, it will start automatically. If the scan does not start automatically, find the green button with a triangle in it that says "Scan." Click it and then select "Start Full Scan."
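
The scoping rule from the starting-URL step ("Scan only links in and below this directory"), sketched as an added example that is not part of the original guide and is not AppScan's own code. It assumes the rule means the same scheme, host and port plus a path at or under the starting URL's directory; the `apps.example.edu` URLs and all function names are constructed for illustration.

```python
from urllib.parse import urljoin, urlsplit
import posixpath

DEFAULT_PORTS = {"http": 80, "https": 443}

def _origin_and_path(url):
    """Return ((scheme, host, port), normalized path) for an absolute URL."""
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    host = (parts.hostname or "").lower()
    port = parts.port or DEFAULT_PORTS.get(scheme)
    raw = parts.path or "/"
    # Resolve "." and ".." so /myapp/../other/ is judged as /other/.
    path = posixpath.normpath(raw)
    if raw.endswith("/") and path != "/":
        path += "/"
    return (scheme, host, port), path

def scan_root(start_url):
    """Directory of the starting URL: /myapp/index.jsp -> /myapp/.
    A start URL of /myapp (no trailing slash) yields /, the whole host."""
    origin, path = _origin_and_path(start_url)
    return origin, path[: path.rfind("/") + 1]

def in_scope(start_url, link):
    """True if link is in or below the starting URL's directory (assumed rule)."""
    root_origin, root_dir = scan_root(start_url)
    # Relative links are resolved against the starting URL first.
    origin, path = _origin_and_path(urljoin(start_url, link))
    if origin != root_origin:
        return False
    # Compare against "/myapp/" with its trailing slash, so that
    # "/myapp-admin/" is not mistaken for a child of "/myapp".
    return path.startswith(root_dir) or path + "/" == root_dir

def split_links(start_url, links):
    """Partition links into (in scope, out of scope), preserving order."""
    inside = [l for l in links if in_scope(start_url, l)]
    outside = [l for l in links if not in_scope(start_url, l)]
    return inside, outside

if __name__ == "__main__":
    start = "https://apps.example.edu/myapp/index.jsp"  # constructed sample
    found = ["reports/view?id=3", "../logout", "https://www.example.com/"]
    print(split_links(start, found))
```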