Login Page Identifier

The Login Page Identifier is a security check that detects all login pages.

Netsparker crawls and attacks your website to discover all vulnerable points. To do that, it tries to find and follow all URLs in your website to populate the Sitemap. Thanks to this procedure, Netsparker is also able to detect all login pages on your website. This feature is particularly useful if you find it difficult to keep track of a large number of websites.

This security check can be configured by increasing or decreasing the weight of variables, such as the password input, and by adding new keywords.

During the scan, Netsparker analyses each page for the keywords specified in the Scan Policy and calculates the weights attributed to the different variables. If the total result exceeds the threshold value of 75, Netsparker reports the webpage as a login page.

The login page is reported in both the Sitemap and the Issues panel as an Information Alert.

The Login Page Identifier check is enabled by default.

For further information, see Scan Policy Fields, Security Checks, Configuring and Verifying Form Authentication in Netsparker Enterprise, and Configuring Form Authentication in Netsparker Standard.

Login Page Identifier Fields

This table describes the fields in the Login Page Identifier panel.

| Field | Description |
| --- | --- |
| Weight of the Login Keyword in Form Element | This is the weight for the expected HTML element. This weight is added to the total weight if the attributes of the form include any login keyword listed below. The default weight is 30. |
| Weight of the Login Keyword in Window Location | This is the weight for the window location. This weight is added to the total weight if the location's pathname or fragment part contains a login keyword listed below. The default weight is 25. |
| Login Form Weight Threshold | This is the minimum weight to identify login forms. If the total weight is equal to or greater than the threshold value, Netsparker reports a Login Page Identified issue. The default threshold value is 75. |
| Login Keywords | These are the keywords to search for within forms and window locations. |
| Weight of the Password Input | This is the weight for the password input. This weight is added to the total weight when a single password input is found. The default weight is 30. |
| Weight of the Remember Me Input | This is the weight for the Remember Me checkbox input. This weight is added to the total weight when a checkbox is found whose name, className, or id contains the 'remember' keyword. The default weight is 30. |
| Weight of Submit Button | This is the weight for the Submit button. This weight is added to the total weight when Netsparker finds a submit button in the form. The default weight is 15. |
| Input Type Names for Username | This is the input type used to detect the username input. Any input with the given type is considered to be a username input. |
| Weight of Username Input | This is the weight for the username input. This weight is added to the total weight when an input is found that matches the username criteria. The default weight is 15. |
| Username Keywords | This is the keyword to be searched for in the username input. |

A weight of 0 means that the element will be skipped during analysis.
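
The scoring described in the table above, as an added example in Python that is not Netsparker's own code: it sums the documented default weights over the signals found on a page and compares the total with the threshold. The keyword lists, the username input types, the names `FormSignals` and `score_page`, and the sample pages are assumptions, because the page does not list them; "a single password" is read here as exactly one password input.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Default weights and threshold from the fields table above.
WEIGHTS = {"form_keyword": 30, "location_keyword": 25, "password": 30,
           "remember_me": 30, "submit": 15, "username": 15}
THRESHOLD = 75
# Assumed values: the page does not list the default keywords or type names.
LOGIN_KEYWORDS = ("login", "signin", "logon")
USERNAME_TYPES, USERNAME_KEYWORDS = ("text", "email"), ("user", "email")

class FormSignals(HTMLParser):
    """Collects the page signals that the fields table assigns weights to."""
    def __init__(self):
        super().__init__()
        self.form_keyword = self.remember_me = self.submit = self.username = False
        self.passwords = 0

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "").lower() for k, v in attrs}
        ident = " ".join(a.get(k, "") for k in ("name", "class", "id"))
        kind = a.get("type", "text" if tag == "input" else "submit")
        if tag == "form":
            self.form_keyword |= any(k in v for v in a.values() for k in LOGIN_KEYWORDS)
        elif tag == "input" and kind == "password":
            self.passwords += 1
        elif tag == "input" and kind == "checkbox":
            self.remember_me |= "remember" in ident
        elif tag in ("input", "button") and kind == "submit":
            self.submit = True
        elif tag == "input" and kind in USERNAME_TYPES:
            self.username |= any(k in ident for k in USERNAME_KEYWORDS)

def score_page(url, html, weights=WEIGHTS, threshold=THRESHOLD):
    """Return (total_weight, is_login_page) for one crawled page."""
    s = FormSignals()
    s.feed(html)
    loc = urlsplit(url.lower())
    hits = {"form_keyword": s.form_keyword,
            "location_keyword": any(k in loc.path + " " + loc.fragment for k in LOGIN_KEYWORDS),
            "password": s.passwords == 1,  # "a single password" read as exactly one
            "remember_me": s.remember_me, "submit": s.submit, "username": s.username}
    total = sum(weights[n] for n, hit in hits.items() if hit)  # weight 0 adds nothing
    return total, total >= threshold  # table: "equal to or greater than"

# Constructed sample pages (not taken from the Netsparker documentation).
LOGIN_HTML = ('<form id="login-form"><input name="username"><input type="password" name="pw">'
              '<input type="checkbox" id="remember_me"><button>Sign in</button></form>')
REGISTER_HTML = ('<form id="signup"><input type="email" name="email"><input type="password" '
                 'name="p1"><input type="password" name="p2"><input type="submit"></form>')
```

With the defaults, `score_page("https://example.test/account/login", LOGIN_HTML)` scores well above the threshold, while the registration form with two password inputs stays below it; passing a `weights` dictionary with an entry set to 0 shows how skipping an element changes the result.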
How to Configure the Login Page Identifier Security Check in Netsparker Enterprise
  1. Log in to Netsparker Enterprise.
  2. From the main menu, click Policies, then New Scan Policy. The New Scan Policy window is displayed.
  3. Click the Security Checks tab.
  4. Select the Login Page Identifier checkbox.
  5. If required, configure the settings as outlined in the table.
  6. Click Save.
How to Configure the Login Page Identifier Security Check in Netsparker Standard
  1. Open Netsparker Standard.
  2. From the Home tab, click Scan Policy Editor. The Scan Policy Editor dialog is displayed.
  3. From the Security Checks tab, select the Login Page Identifier checkbox.
  4. Configure the security check settings as required or use the default ones.
  5. Click OK.
  6. When this security check identifies a login page, the issue is displayed in the report.
