Authentication Profiles

You can save a custom script for form authentication in Netsparker and reuse it across different websites.

Netsparker automates the authentication when it matches the URL at the beginning of the crawling process.

As a result, you do not have to configure form authentication separately for websites that use the same authentication procedure. The authentication profile also works for Single Sign-On (SSO) providers such as Microsoft and Google.

If you have configured form authentication and also saved an authentication profile, Netsparker prioritizes the form authentication.

Please note that, for demonstration purposes, we will add a Microsoft SSO and scan a website requiring a Microsoft SSO.

Configuring Authentication Profile in Netsparker Enterprise

How to Create an Authentication Profile in Netsparker Enterprise
  1. Log in to Netsparker Enterprise.
  2. From the main menu, select Scans > Authentication Profiles.
  3. In the Authentication Profiles window, enter a login form URL and select + Add Script.
  4. Complete the remaining steps for adding a custom script, as described in Custom Scripts for Form Authentication.
  5. Then, enter a Name and a Trigger URL to save the authentication profile. Select Save.

Once you save an authentication profile, you can use this profile to scan your website(s).

How to Scan a Website with an Authentication Profile
  1. From the main menu, select Scans > New Scan.
  2. In the Target URL field, enter the URL.
  3. Complete the remainder of the fields, as described in Netsparker Enterprise New Scan Fields and Netsparker Enterprise Scan Options Fields.
  4. From the Authentication Profiles drop-down, select one of the following options:
    • (Do Not Use)
    • (Use Matched Profile)
    • Your Custom Profile (Microsoft, in this example)
  5. Select Launch.

How to Run a Group Scan with an Authentication Profile
  1. From the main menu, select Scans > New Group Scan.
  2. From the Website Group drop-down, select the website group you want to scan.
  3. Complete the remainder of the fields, as described in How to Scan a Website in Netsparker Enterprise.
  4. From the Authentication Profiles drop-down, select one of the following options:
    • (Do Not Use)
    • (Use Matched Profile)
    • Your Custom Profile (Microsoft, in this example)
  5. Select Launch.

How to Edit an Authentication Profile in Netsparker Enterprise
  1. From the main menu, select Scans > Authentication Profiles.
  2. Next to the relevant profile, select Edit.
  3. Make the necessary changes in the Custom Script Editor window. Enter a new name and a trigger URL, if required.
  4. Select Save.

How to Delete an Authentication Profile in Netsparker Enterprise
  1. From the main menu, select Scans > Authentication Profiles.
  2. Next to the relevant profile, select Delete.
  3. From the Deleting Authentication Profile dialog, select Delete.

Configuring Authentication Profile in Netsparker Standard

How to Create an Authentication Profile in Netsparker Standard
  1. Open Netsparker Standard.
  2. From the Home tab, select Options, then Authentication Profiles.
  3. Enter a login form URL, then select + Add Script.
  4. Complete the remaining steps for adding a custom script, as described in Custom Scripts for Form Authentication.
  5. In the Add As Custom Script dialog, enter a friendly name in the Script Name field.
  6. Select Save.
  7. From the Options window, select Apply, then OK.

Once you save an authentication profile, you can use this profile to scan your website(s).

How to Scan a Website with an Authentication Profile
  1. Open Netsparker Standard.
  2. From the Home tab, select New.
  3. In the Target Website or Web Service URL, enter the URL of the website you want to scan.
  4. From the General tab, select one of the following options in the Authentication Profiles drop-down.
    • (Do Not Use)
    • (Use Matched Profile)
    • Your Custom Profile (Microsoft, in this example)
  5. Configure the Scan Policy and Netsparker Standard Scan Options Fields as required.
  6. Select Start Scan to scan a website.

Since an authentication profile is selected, there is no need to configure Form Authentication. Netsparker uses the authentication profile to authenticate. To confirm this, examine the Logs panel to verify that Netsparker authenticated itself during the scan.

How to Edit an Authentication Profile in Netsparker Standard
  1. Open Netsparker Standard.
  2. From the Home tab, select Options, then Authentication Profiles.
  3. From the Custom Script tab, select the ellipsis to open the Custom Script Editor.
  4. Make required changes in the Custom Script Editor window, and select OK.
  5. In the Add As Custom Script dialog, enter a new script name, if necessary.
  6. Select Save.
  7. From the Options window, select Apply, then OK.

How to Delete an Authentication Profile in Netsparker Standard
  1. Open Netsparker Standard.
  2. From the Home tab, select Options, then Authentication Profiles.
  3. Next to the relevant authentication profile, select .
  4. From the Delete Authentication Profile dialog, select Yes.