
Configuring Form Authentication in Netsparker Standard

Netsparker Standard web application security scanner has a form authentication mechanism that makes it easy to configure scans for websites that require user authentication.

The form authentication mechanism in Netsparker Standard fills in and submits the login forms on your websites by working with the DOM of the login form page, so there is no need to record login macros. It automatically detects the login form and its username and password inputs, populates them with the configured credentials, and submits the form. To use it, you only need to configure:

  • Login form URL
  • Credentials (username & password)

How to Configure Automatic Form Authentication in Netsparker Standard

    1. Open Netsparker Standard.
    2. From the Home tab, click New. The Start a New Website or Web Service Scan dialog is displayed.
    3. Select the Form tab. The Form Authentication section is displayed.
    4. In the Form Authentication section, check the Enabled checkbox.
    5. In Login Form URL, enter the URL.
    6. In the Username field, enter a username.
    7. In the Password field, enter a password. Use the Show/Hide Password button to reveal the password if required.
    8. Click Start Scan.

Configuring a Login Form URL

The login form URL that should be configured in Netsparker is the URL of the page where your login form resides. Most websites these days have URLs like http://www.example.com/Login/ for their users to authenticate. It is also common for websites to have their login form on their homepages, usually somewhere located in the header or sidebar part. If this is the case, specify your website's home page URL in Netsparker as the login form URL. Netsparker has a better chance of detecting and filling the login form on pages dedicated to the login operation, so always specify the dedicated login form URL if you have a login form both on your homepage and on a dedicated login page.
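The two passages above (the DOM-based detection of the username and password inputs, and the advice to prefer a dedicated login page over a homepage that also carries a search form) can be checked before a scan is started. The following pre-flight check is an added example, not Netsparker's own detection code: it parses a page with Python's standard-library HTML parser and reports which form a DOM-based detector would most plausibly treat as the login form. The heuristic (the only form with exactly one password input, with the nearest preceding text-like input taken as the username field) is an assumption chosen for illustration, and the HTML pages are constructed inline.

```python
"""Pre-flight check for DOM-based login form detection.

Added example, not Netsparker's detection code. The heuristic below is an
assumption: a login form is a form with exactly one password input, and the
username field is the closest text-like input before it. All sample HTML is
constructed for this example.
"""
from html.parser import HTMLParser


class _FormCollector(HTMLParser):
    """Collect every <form> together with the <input> elements it contains."""

    def __init__(self):
        super().__init__()
        self.forms = []
        self._current = None

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self._current = {
                "action": a.get("action") or "",
                "method": (a.get("method") or "get").lower(),
                "inputs": [],
            }
            self.forms.append(self._current)
        elif tag == "input" and self._current is not None:
            # An <input> without an explicit type is a text input.
            self._current["inputs"].append({
                "type": (a.get("type") or "text").lower(),
                "name": a.get("name") or "",
            })

    def handle_endtag(self, tag):
        if tag == "form":
            self._current = None


def find_login_form(html):
    """Return the form a DOM-based detector would likely fill, or None.

    Result keys: action, method, username, password, warnings.
    Forms with no password input (search, newsletter) and forms with more than
    one (registration, change-password) are skipped.
    """
    parser = _FormCollector()
    parser.feed(html)
    for form in parser.forms:
        passwords = [i for i in form["inputs"] if i["type"] == "password"]
        if len(passwords) != 1:
            continue
        pw_index = form["inputs"].index(passwords[0])
        username = None
        for candidate in reversed(form["inputs"][:pw_index]):
            if candidate["type"] in ("text", "email", "tel"):
                username = candidate
                break
        if username is None:
            continue  # password field with no preceding username field
        warnings = []
        if form["method"] != "post":
            warnings.append("form submits with GET: credentials will appear in the URL")
        return {
            "action": form["action"],
            "method": form["method"],
            "username": username["name"],
            "password": passwords[0]["name"],
            "warnings": warnings,
        }
    return None


# Constructed sample pages (not real sites).
HOMEPAGE = """<html><body>
<form action="/search" method="get"><input type="text" name="q"><input type="submit" value="Go"></form>
<div class="sidebar"><form action="/account/login" method="post">
  <input type="hidden" name="csrf" value="abc123">
  <input type="email" name="email" placeholder="Email">
  <input type="password" name="pass">
  <input type="submit" value="Sign in">
</form></div></body></html>"""

DEDICATED_LOGIN = """<form action="/Login/" method="get">
<input name="username"><input type="password" name="password">
<button type="submit">Log in</button></form>"""

REGISTRATION = """<form action="/register" method="post">
<input type="text" name="user"><input type="password" name="pw1">
<input type="password" name="pw2"></form>"""

JS_ONLY = '<div id="app"></div><script src="/bundle.js"></script>'


if __name__ == "__main__":
    for label, page in (("homepage", HOMEPAGE), ("dedicated", DEDICATED_LOGIN),
                        ("registration", REGISTRATION), ("js-only", JS_ONLY)):
        print(label, "->", find_login_form(page))
```

If the check returns None for the URL you intend to configure (for example a login form that is only rendered by JavaScript, or a form that the check cannot distinguish from a registration form), expect automatic detection to be harder and prefer the dedicated login page URL, as the text above recommends.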

How to Configure a Login Form URL in Netsparker Standard

  1. Open Netsparker Standard.
  2. From the Home tab, click New. The Start a New Website or Web Service Scan dialog is displayed.
  3. Select the Form tab. The Form Authentication panel is displayed.
  4. Select the Enabled checkbox.
  5. In Login Form URL, enter the URL that contains your dedicated login form page.
  6. Continue from step 6 of How to Configure Automatic Form Authentication in Netsparker Standard.

Configuring Multiple Sets of Credentials and URLs

The other piece of information Netsparker requires for authenticating during a web application security scan is the set of credentials. You can enter more than one set of credentials to simulate the different kinds of personas your website supports, such as one for regular users and one for admin users. This way, you can easily switch between accounts and perform authenticated scans with user accounts that have different privileges.

How to Configure Multiple Sets of Credentials and URLs in Netsparker Standard

    1. Open Netsparker Standard.
    2. From the Home tab, click New. The Start a New Website or Web Service Scan dialog is displayed.
    3. Select the Form tab. The Form Authentication section is displayed.
    4. Check the Enabled checkbox.
    5. In Login Form URL, enter the URL.
    6. Click in the blank space below the first persona. A new row for another persona is displayed.
    7. In the Username field, enter the username.
    8. In the Password field, enter the password. Use the Show/Hide Password button to reveal the password as required.
    9. Continue to add rows and login credentials for as many other personas as you need. (Remember that only one persona can be used in a single scan. Run a separate scan for each persona.)
    10. Click Start Scan.