
What is HTML Form authentication for web assessments?

HTML Form authentication allows the assessment to log in to a protected web application using a standard HTML login form. Once authenticated, the assessment continues to identify vulnerabilities within the web application's protected areas.

To learn how to set up an authenticated web application assessment, see the following article:

http://support.holmsecurity.com/hc/en-us/articles/115003065809

Authentication details

When configuring HTML Form authentication, you can either create a new authentication record or use an existing one.

Authentication record name
The name of the authentication record to use.

Username (Form field name)
The HTML name attribute of the input field where the username is entered.

Value (Form field value)
The username that the assessment will use to log in.

Password (Form field name)
The HTML name attribute of the input field where the password is entered.

Value (Form field value)
The password that the assessment will use to log in.

Add extra field
Use this option if the login form requires additional fields, such as hidden tokens or multi-step inputs.

Authentication URL
The URL where the authentication form is located.

Success validation URL
The URL to which the user is redirected after a successful login.

Success validation string
A string that is checked in the response to verify that authentication was successful.

Method
The HTTP method the assessment uses to submit the authentication data (for example, POST).
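
The form field names, extra fields, and method described above can be read from the login page's HTML. The following is an added example, not Holm Security's code: it parses a constructed sample page and returns the values to enter in the authentication record. The names `SAMPLE_HTML`, `FormCollector`, and `login_form_record`, and the sample field names, are assumptions made for illustration.

```python
from html.parser import HTMLParser

# Constructed sample login page, not taken from any real application.
SAMPLE_HTML = """
<form action="/search" method="get"><input type="text" name="q"></form>
<form action="/session" method="post">
  <input type="hidden" name="csrf_token" value="constructed-token-123">
  <input type="email" name="user_login">
  <input type="password" name="user_pass">
  <input type="submit" value="Sign in">
</form>
"""

class FormCollector(HTMLParser):
    """Collects each <form> with its method and named <input> elements."""
    def __init__(self):
        super().__init__()
        self.forms, self._open = [], None
    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            # Browsers default to GET when the method attribute is absent.
            self._open = {"method": (a.get("method") or "get").upper(), "inputs": []}
            self.forms.append(self._open)
        elif tag == "input" and self._open is not None and a.get("name"):
            kind = (a.get("type") or "text").lower()
            self._open["inputs"].append((kind, a["name"], a.get("value") or ""))
    def handle_endtag(self, tag):
        if tag == "form":
            self._open = None

def login_form_record(html):
    """Return record values for the first form that has a password input."""
    collector = FormCollector()
    collector.feed(html)
    for form in collector.forms:
        inputs = form["inputs"]
        passwords = [n for k, n, _ in inputs if k == "password"]
        if not passwords:
            continue  # skip search boxes and other non-login forms
        users = [n for k, n, _ in inputs if k in ("text", "email")]
        return {"username_field": users[0] if users else None,
                "password_field": passwords[0],
                "extra_fields": {n: v for k, n, v in inputs if k == "hidden"},
                "method": form["method"]}
    return None

if __name__ == "__main__":
    print(login_form_record(SAMPLE_HTML))
```

Hidden inputs are listed under `extra_fields` so they can be entered with "Add extra field". Inputs without a `name` attribute, such as the submit button in the sample, are not submitted with the form and are skipped.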