How do I run an authenticated web assessment using HTML Form JavaScript?

This article describes how to configure HTML Form JavaScript authentication for a web application assessment. This method allows the assessment to log in to a web application that uses a JavaScript-rendered HTML login form, so that vulnerabilities in protected areas can be identified.

Configure HTML Form JavaScript authentication

  1. Log in to Security Center.
  2. In the main navigation bar, click Assets > Web applications & APIs.
  3. Click the edit icon next to the web application you want to configure, or click Add web application to create a new one.
  4. In the configuration window, select Scan Settings and check JavaScript scanning.
  5. Select Authentication and choose HTML Form JavaScript as the authentication method.
  6. Enter the authentication record details:
    • Authentication record name: Give the record a descriptive name.
    • Username: The username used to log in to the web application.
    • Password: The password used to log in to the web application.
    • Login page URL: The URL of the web application's login page.
    • Success validation URL: The URL the application redirects to after a successful login.
    • Success validation string: A word or string that appears on the page only after a successful login (for example, "Dashboard" or "Welcome").

Find the correct CSS selector for each field
Open the web application in your browser, right-click the element (for example, the username field), and select Inspect. In the developer tools panel, right-click the highlighted element and select Copy > Copy selector.

7. Fill in the locator fields using your browser's developer tools: Open the web application in a browser, right-click the target element on the login page and click Inspect. Then right-click the highlighted element in the developer tools panel and click Copy > Copy selector. Paste the result into the corresponding field in Security Center.

    • Username field locator: The CSS selector for the username input field.
    • Login form activator: The CSS selector for the password input field.
    • Login action field: The CSS selector for the log in button.

8. Click OK to save your changes.

9. Done!
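
Before saving, the copied selectors and the success validation string can be checked from the developer tools console on the login page (while still logged out). The script below is an added example, not part of Security Center or its documentation; the object keys, the placeholder selectors and the "Dashboard" string are assumptions to replace with your own values.

```javascript
// Added example: pre-flight check of the locator values on the login page.
// Expected element types follow the field descriptions in step 7.
const EXPECT = {
  usernameFieldLocator: el => el.tagName === 'INPUT' && el.type !== 'password',
  loginFormActivator:   el => el.tagName === 'INPUT' && el.type === 'password',
  loginActionField:     el => el.tagName === 'BUTTON' ||
                              (el.tagName === 'INPUT' && el.type === 'submit'),
};

function checkLocators(doc, locators, successString) {
  const problems = [];
  for (const [field, selector] of Object.entries(locators)) {
    let matches;
    try {
      matches = Array.from(doc.querySelectorAll(selector));
    } catch (e) {
      problems.push(`${field}: invalid selector`);
      continue;
    }
    // A locator must identify exactly one element of the expected kind.
    if (matches.length !== 1) {
      problems.push(`${field}: matches ${matches.length} elements, expected 1`);
    } else if (EXPECT[field] && !EXPECT[field](matches[0])) {
      problems.push(`${field}: unexpected element <${matches[0].tagName.toLowerCase()}>`);
    }
    // "Copy selector" often emits positional paths that break on layout changes.
    if (/:nth-(child|of-type)\(/.test(selector)) {
      problems.push(`${field}: positional selector, breaks if the layout changes`);
    }
  }
  // The success string must appear only after login, never on the login page.
  const text = (doc.body && doc.body.textContent) || '';
  if (successString && text.includes(successString)) {
    problems.push('success validation string already present before login');
  }
  return problems;
}

// In the browser console on the login page (placeholder values):
if (typeof document !== 'undefined') {
  console.log(checkLocators(document, {
    usernameFieldLocator: '#username',
    loginFormActivator: '#password',
    loginActionField: 'button[type="submit"]',
  }, 'Dashboard'));
}
```

An empty array means each locator resolves to a single element of the expected type and the success string does not occur before authentication.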