Configuring Basic, Digest, NTLM/Kerberos and Negotiate Authentication

Netsparker supports Basic, Digest, NTLM/Kerberos and Negotiate authentication mechanisms. This enables you to configure scans for websites that require those types of authentication.

Basic, Digest, NTLM/Kerberos and Negotiate Authentication Fields

This table lists and explains the fields in the Basic, Digest, NTLM/Kerberos and Negotiate Authentication section.

| Field | Description |
|---|---|
| Basic, Digest, NTLM/Kerberos, Negotiate Authentication | Select to enable Basic, Digest, NTLM/Kerberos or Negotiate Authentication. |
| Type | Select the type of the authentication: Basic, NTLM, Kerberos, Digest or Negotiate. |
| URL Prefix | Enter the URL prefix that determines the scope of the authentication method. For example: https://www.example.com/protected. |
| Username | Enter the username for the login popup. |
| Password | Enter the password for the login popup, masked by asterisks. |
| Domain | Enter the domain setting, which should be the value of the domain name for Windows systems, not the host name of the site. This field is optional and is needed only when a domain is required in Windows environments. |
| Do not expect challenge (Basic Authentication) | Select to enable authentication even if the server does not send an authentication challenge. This option specifies whether the Basic Authentication credentials should be sent in each request without expecting a 401 Authentication challenge from the server. |
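
The following added example (not Netsparker's code, and not a description of how Netsparker matches URLs internally) models how an HTTP client can apply the URL Prefix scope and the Do not expect challenge option for Basic authentication. The credential dictionary, function names and sample values are constructed for illustration.

```python
import base64
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}

def _origin_and_path(url):
    """Split a URL into a normalized (scheme, host, port) origin and its path."""
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    port = parts.port or DEFAULT_PORTS.get(scheme)
    return (scheme, (parts.hostname or "").lower(), port), parts.path or "/"

def in_scope(url, url_prefix):
    """True if url is under url_prefix: same origin, path matched on a segment boundary."""
    origin, path = _origin_and_path(url)
    p_origin, p_path = _origin_and_path(url_prefix)
    if origin != p_origin:
        return False  # different scheme, host or port: credentials must not follow
    base = p_path.rstrip("/")
    return path == base or path.startswith(base + "/")

def basic_header(username, password):
    """RFC 7617 Basic credentials: base64 of 'username:password' (encoded, not encrypted)."""
    token = base64.b64encode(f"{username}:{password}".encode("utf-8")).decode("ascii")
    return f"Basic {token}"

def authorization_for(url, cred, challenge=None):
    """Authorization value to send for url, or None. challenge is a prior 401's WWW-Authenticate."""
    if not in_scope(url, cred["url_prefix"]):
        return None  # never send credentials outside the configured scope
    preemptive = cred.get("do_not_expect_challenge", False)
    challenged = challenge is not None and challenge.lower().startswith("basic")
    if preemptive or challenged:
        return basic_header(cred["username"], cred["password"])
    return None  # in scope, but wait for the server's 401 challenge first

# Constructed sample credential mirroring the fields in the table above.
CRED = {"url_prefix": "https://www.example.com/protected",
        "username": "scanuser", "password": "s3cret",
        "do_not_expect_challenge": False}
```

Because the Basic token is only base64-encoded, an http:// URL Prefix combined with the preemptive option puts the password on the wire in cleartext with every in-scope request.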

How to Configure Basic, Digest, NTLM/Kerberos and Negotiate Authentication in Netsparker Enterprise

  1. Log in to Netsparker Enterprise.
  2. From the main menu, click Scans, then New Scan. The New Scan window is displayed.
  3. From the Authentication section, select Basic, NTLM/Kerberos. The Basic, Digest, NTLM/Kerberos and Negotiate Authentication section is displayed.
  4. Enable the Basic, Digest, NTLM/Kerberos, Negotiate Authentication checkbox.
  5. Click New Credential to enter the required information.
     • From the Type dropdown, select an option.
     • In the URL Prefix field, enter the scope of the authentication. For example, if the authentication is enabled on the /foo folder then enter: http://site.com/foo/.
     • In the Username field, enter the username.
     • In the Password field, enter the password.
     • In the Domain field, enter the domain name, if required.
  6. If required, enable the Do not expect challenge (Basic Authentication) checkbox.
  7. Click Test Credentials to make sure that the credentials work correctly.
  8. Click Launch.

How to Configure Basic, Digest, NTLM/Kerberos and Negotiate Authentication in Netsparker Standard

  1. Open Netsparker Standard.
  2. From the Home tab, click New. The Start a New Website or Web Service Scan dialog is displayed.
  3. Click the Basic, NTLM/Kerberos tab.
  4. Enable the Basic, Digest, NTLM/Kerberos, Negotiate Authentication checkbox.
  5. From the Type dropdown, select an option.
  6. In the URL Prefix field, enter the scope of the authentication. For example, if the authentication is enabled on the /foo folder then enter: http://site.com/foo/
  7. In the Username field, enter the username.
  8. In the Password field, enter the password.
  9. In the Domain field, enter the domain name, if required.
  10. Enable Do not expect challenge (Basic Authentication) if required.
  11. Click Start Scan.