What do the different settings mean for authenticated web application scanning?

Several settings are available for authenticated web application scanning. The feature allows the scanner to log in to a protected web application and continue the scan in order to find vulnerabilities within it.

To set up an authenticated web application scan, see the following article:
http://support.holmsecurity.com/hc/en-us/articles/115003065809

Authentication

General information (Form record)

Authentication information
Either create a new record or use a pre-created record.

Authentication record name
The name of the record you wish to use. 

Record information (form record)

Username (name of field)
The HTML name of the field where the username is entered.

Value
The username which the scanner will use for login. 

Password (name of field)
The HTML name of the field where the password is entered.

Value
The password which the scanner will use to log in.

Add extra field
Use if additional fields are needed.

Auth URL
The URL where the authentication form is located.

Check URL
The URL which the user lands on after the login has been approved. 

Check string
The string the scanner looks for after logging in to validate that the login succeeded.

Method
The method which the scanner will use to submit the login information.
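
As an added example (not part of the original article and not Holm Security's code), the Python below checks a form record against the login page before a scan is scheduled, so that a wrong field name or a weak check string is caught early. The record keys, the sample HTML and the field names are constructed for illustration, and it assumes that Method refers to the HTTP method of the login form.

```python
from html.parser import HTMLParser

# Constructed samples: the page at the Auth URL and the page at the Check URL.
LOGIN_HTML = """<form action="/session" method="post">
  <input type="text" name="user_login">
  <input type="password" name="user_pass">
  <input type="hidden" name="login_realm" value="staff">
</form>"""
CHECK_HTML = "<html><body>Welcome, scanuser <a href='/logout'>Sign out</a></body></html>"
# Hypothetical record layout; the keys mirror the settings described above.
RECORD = {"username_field": "user_login", "password_field": "user_pass",
          "extra_fields": {"login_realm": "staff"}, "method": "POST",
          "check_string": "Sign out"}

class FormFields(HTMLParser):
    """Collects the method of the first <form> and each named <input> inside a form."""
    def __init__(self):
        super().__init__()
        self.method, self.inputs, self._in_form = None, {}, False

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self._in_form = True
            self.method = self.method or (a.get("method") or "get").upper()
        elif tag == "input" and self._in_form and a.get("name"):
            self.inputs[a["name"]] = (a.get("type") or "text").lower()

    def handle_endtag(self, tag):
        self._in_form = self._in_form and tag != "form"

def preflight(record, login_html, check_html):
    """Return a list of problems with a form record; an empty list means consistent."""
    form = FormFields()
    form.feed(login_html)
    problems = []
    configured = {record["username_field"], record["password_field"], *record.get("extra_fields", {})}
    for name in sorted(configured - set(form.inputs)):
        problems.append(f"field '{name}' is not in the login form")
    for name, kind in form.inputs.items():
        if kind == "hidden" and name not in configured:
            problems.append(f"hidden field '{name}' may need an extra field")
    if form.method != record["method"].upper():
        problems.append(f"form uses {form.method}, record uses {record['method']}")
    if record["check_string"] not in check_html:
        problems.append("check string not found on the Check URL page")
    if record["check_string"] in login_html:
        problems.append("check string also appears before login")
    return problems
```

A check string that also appears on the logged-out page cannot tell a successful login from a failed one, which is why the last test is included.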

Server record

General information

Authentication information
Information regarding the profile.

Authentication record name
The name of the authentication record.

Username
The username which the scanner will use to log in.

Password
The password which the scanner will use to log in.

 
