IBM Rational AppScan is an automated tool for web application security testing that can automatically detect security vulnerabilities in web applications. From version 7.5 onwards, Rational AppScan provides an extension mechanism, the AppScan eXtension Framework. This article uses a detailed example to show how to use the AppScan eXtension Framework to create a C#-based Rational AppScan plug-in in Microsoft Visual Studio 2008, and so enhance Rational AppScan.

Introduction to AppScan

IBM Rational AppScan is an automated tool for web application security testing. It can automatically detect security vulnerabilities in web applications, such as cross-site scripting (Cross Site Scripting Flaws), injection attacks (Injection Flaws), broken access control (Broken Access Control), buffer overflows (Buffer Overflows) and so on. Most of these vulnerabilities are included in the web application security vulnerabilities published by OWASP (Open Web Application Security Project).