Configuring Basic, Digest, NTLM/Kerberos Authentication in Netsparker Standard

Netsparker Standard supports the Basic, Digest and NTLM/Kerberos authentication mechanisms. This enables you to configure scans for websites that require those types of authentication.

Basic, Digest, NTLM/Kerberos Authentication Fields

This table lists and explains the fields in the Basic, Digest, NTLM/Kerberos Authentication section.

| Field | Description |
|---|---|
| Type | This is the type of the authentication: Basic, NTLM, Kerberos, Digest or Negotiate. |
| URL Prefix | This is the URL prefix that determines the scope of the authentication method. |
| Username | This is the username. |
| Password | This is the password, masked by asterisks. |
| Domain | This is the domain setting, which should be the value of the domain name for Windows systems, not the host name of the site. This field is optional. |
| Do not expect challenge (Basic Authentication) | This is an option that specifies whether the Basic Authentication credentials should be sent in each request without expecting a 401 Authentication challenge from the server. |

How to Configure Basic, Digest, NTLM/Kerberos Authentication in Netsparker Standard

  1. Open Netsparker Standard.
  2. From the Home tab, click New. The Start a New Website or Web Service Scan dialog is displayed.
  3. Click the Basic, NTLM/Kerberos tab.
  4. In the Basic, Digest, NTLM/Kerberos Authentication section, check Enabled.
  5. From the Type dropdown, select an option.

  6. In the URL Prefix field, enter the scope of the authentication. For example, if the authentication is enabled on the /foo folder then enter: http://site.com/foo/.
  7. In the Username field, enter the username.
  8. In the Password field, enter the password.
  9. In the Domain field, enter the domain name, if required.
  10. Enable Do not expect challenge (Basic Authentication) if required.
  11. Click Start Scan.
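
The following Python sketch is an added example, not Netsparker's code: it models how a URL Prefix scope and the Do not expect challenge option together decide when a Basic `Authorization` header leaves the client. The strict origin and path-segment matching, the function names and the sample credentials are assumptions; this page does not describe how Netsparker itself matches the prefix.

```python
import base64
import posixpath
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}

# Constructed sample settings mirroring the fields in the table above.
CONFIG = {
    "url_prefix": "http://site.com/foo/",
    "username": "Aladdin",          # sample credentials from RFC 7617
    "password": "open sesame",
    "no_challenge": True,           # "Do not expect challenge" enabled
}

def _origin(parts):
    """Scheme, host and effective port, so http/https and ports never mix."""
    scheme = parts.scheme.lower()
    host = (parts.hostname or "").lower()
    return scheme, host, parts.port or DEFAULT_PORTS.get(scheme)

def in_scope(url, url_prefix):
    """True only if url shares the prefix's origin and sits under its path.

    Assumed matching rule: compare whole path segments after resolving
    dot segments, so /foobar and /foo/../admin do not match /foo/.
    """
    u, p = urlsplit(url), urlsplit(url_prefix)
    if _origin(u) != _origin(p):
        return False
    base = posixpath.normpath(p.path or "/").rstrip("/") + "/"
    path = posixpath.normpath(u.path or "/")
    return (path + "/").startswith(base)

def basic_header(username, password):
    """Basic credentials are only base64-encoded, not encrypted."""
    raw = f"{username}:{password}".encode("utf-8")
    return "Basic " + base64.b64encode(raw).decode("ascii")

def authorization_for(url, cfg, got_401_basic_challenge=False):
    """Return the Authorization header value to send, or None.

    With no_challenge set, credentials go out on every in-scope request;
    otherwise only after the server has answered with a 401 challenge.
    """
    if not in_scope(url, cfg["url_prefix"]):
        return None
    if cfg["no_challenge"] or got_401_basic_challenge:
        return basic_header(cfg["username"], cfg["password"])
    return None
```

Because the preemptive option removes the 401 round trip as a gate, the URL Prefix is the only thing limiting where the credentials are sent, so it is worth keeping it as narrow as the protected area and on HTTPS where the target allows.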