Authentication Profiles

You can save a custom script for form authentication in Netsparker and reuse it across different websites.

Netsparker automates the authentication when it matches the URL at the beginning of the crawling process.

So, you do not have to configure form authentication separately for each website that uses the same authentication procedure. The authentication profile also works for Single Sign-On (SSO) providers such as Microsoft and Google.

If you have configured form authentication and also saved an authentication profile, Netsparker prioritizes the form authentication.

Please note that, for demonstration purposes, we will add a Microsoft SSO and scan a website requiring a Microsoft SSO.

Configuring Authentication Profile in Netsparker Enterprise

How to Create an Authentication Profile in Netsparker Enterprise
  1. Log in to Netsparker Enterprise.
  2. From the main menu, select Scans > Authentication Profiles.
  3. In the Authentication Profiles window, enter a login form URL and select + Add Script.
  4. Complete the remaining steps for adding a custom script, as described in Custom Scripts for Form Authentication.
  5. Then, enter a Name and a Trigger URL to save the authentication profile. Select Save.

Authentication Profile in Netsparker Enterprise

Once you save an authentication profile, you can use this profile to scan your website(s).

How to Scan a Website with an Authentication Profile
  1. From the main menu, select Scans > New Scan.
  2. In the Target URL field, enter the URL.
  3. Complete the remainder of the fields, as described in Netsparker Enterprise New Scan Fields and Netsparker Enterprise Scan Options Fields.
  4. From the Authentication Profiles drop-down, select one of the following options:
    • (Do Not Use)
    • (Use Matched Profile)
    • Your Custom Profile (Microsoft, in this example)
  5. Select Launch.

How to Run a Group Scan with an Authentication Profile
  1. From the main menu, select Scans > New Group Scan.
  2. From the Website Group drop-down, select the website group you want to scan.
  3. Complete the remainder of the fields, as described in How to Scan a Website in Netsparker Enterprise.
  4. From the Authentication Profiles drop-down, select one of the following options:
    • (Do Not Use)
    • (Use Matched Profile)
    • Your Custom Profile (Microsoft, in this example)
  5. Select Launch.

How to Edit an Authentication Profile in Netsparker Enterprise
  1. From the main menu, select Scans > Authentication Profiles.
  2. Next to the relevant profile, select Edit.
  3. Make the necessary changes in the Custom Script Editor window. Enter a new name and a trigger URL, if required.
  4. Select Save.

How to Delete an Authentication Profile in Netsparker Enterprise
  1. From the main menu, select Scans > Authentication Profiles.
  2. Next to the relevant profile, select Delete.
  3. From the Deleting Authentication Profile dialog, select Delete.
