
Authenticated Scan

Description

Authenticated Scan is a feature that facilitates security scanning of applications requiring authentication by leveraging cookies and forms. It is compatible with both monolith and microservice architectures, ensuring comprehensive coverage of protected application areas.

Note

To use the authentication feature, first follow the scanning steps, then select the Website Scanner tool, which is the only tool that has the authentication feature. Activate the feature by clicking Enabled Authentication; the Session Cookies and Form sections then appear. The feature can be applied to either monolith or microservice services.

Steps Using Authenticated Scan

Users can follow these steps.

  1. Choose the Service Type: Monolith or Microservice
  2. To fill in the Session Cookies, click the Session Cookie section and complete the form. Examples are listed for reference
  3. Enter the URL After Login in the URL After Login textbox
  4. Enter the Logout Form URL in the Logout Form URL textbox
  5. Enter the Login Success Indicator in the Login Success Indicator textbox
  6. Enter the Logout Success Indicator in the Logout Success Indicator textbox (optional)
  7. Enter the cookies in the Cookies textbox [Image: Cookies Capture]
  8. Enter the header in the Header textbox (optional)
  9. To fill in the Form, click the Form section and complete the form. Examples are listed for reference
  10. Enter the login form URL in the Login Form URL textbox
  11. Enter the login page URL in the Login Page URL textbox (optional)
  12. Enter the login request payload in the Login Request Payload textbox
  13. Enter the logout form URL in the Logout Form URL textbox
  14. Enter the login success indicator in the Login Success Indicator textbox
  15. Enter the logout success indicator in the Logout Success Indicator textbox (optional)
  16. Enter the cookies in the Cookies textbox (See: Step 7)
  17. Enter the header in the Header textbox (optional)
  18. Click the Check Authentication button to ensure that the cookie used is valid for testing [Image: Form Capture]
  19. If authentication succeeds, select the checkbox to agree to the Terms of Service
  20. Click the Start Scan button to start the scan, or click Cancel to cancel
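
An independent way to sanity-check captured values before entering them in the form, as an added example that is not part of the product or of this documentation: it requests the URL After Login with the captured cookies and looks for the indicators in the response. It assumes the indicators are plain substrings of the response body; the function names, demo server and cookie values are constructed for illustration.

```python
import threading
import urllib.error
import urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer

class _NoRedirect(urllib.request.HTTPRedirectHandler):
    def redirect_request(self, req, fp, code, msg, headers, newurl):
        return None  # do not follow: keeps the cookie from being sent to another host

def check_session(url_after_login, cookies, success_indicator,
                  logout_indicator=None, headers=None, timeout=10):
    """Classify a captured session as 'authenticated', 'logged_out' or 'unknown'."""
    req = urllib.request.Request(url_after_login, headers=dict(headers or {}))
    req.add_header("Cookie", cookies)
    opener = urllib.request.build_opener(_NoRedirect)
    try:
        with opener.open(req, timeout=timeout) as resp:
            body = resp.read().decode("utf-8", errors="replace")
    except urllib.error.HTTPError as exc:  # 3xx/4xx/5xx: still inspect the body
        body = exc.read().decode("utf-8", errors="replace")
    if logout_indicator and logout_indicator in body:
        return "logged_out"
    return "authenticated" if success_indicator in body else "unknown"

class _DemoApp(BaseHTTPRequestHandler):
    """Constructed stand-in for a protected page; not a real application."""
    def do_GET(self):
        ok = "session=valid-demo" in self.headers.get("Cookie", "")
        page = b"Welcome, alice <a href='/logout'>Logout</a>" if ok else b"Please sign in"
        self.send_response(200 if ok else 401)
        self.send_header("Content-Length", str(len(page)))
        self.end_headers()
        self.wfile.write(page)
    def log_message(self, *args):  # keep the demo quiet
        pass

def demo():
    server = HTTPServer(("127.0.0.1", 0), _DemoApp)  # local port chosen by the OS
    threading.Thread(target=server.serve_forever, daemon=True).start()
    url = f"http://127.0.0.1:{server.server_port}/dashboard"
    try:
        return (check_session(url, "session=valid-demo", "Welcome, alice", "Please sign in"),
                check_session(url, "session=expired", "Welcome, alice", "Please sign in"),
                check_session(url, "session=expired", "Welcome, alice"))
    finally:
        server.shutdown()

if __name__ == "__main__":
    print(demo())
```

A result of `unknown` usually means the success indicator is too specific or the cookie has expired; choose an indicator that appears only on pages served to a logged-in user.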