Search What is Detectify?
×

Security testing behind login

August 27, 2014

A comprehensive security evaluation of any web application needs to be able to test areas behind a login. Find out more about two common methods of login/authentication are Basic auth and HTML forms.

Most web applications have areas that are accessible for all visitors while other areas are only accessible for users with an account. A great example of this are users logging in to a web shop or a forum, but it could also be a protected development/pre-production environment.

A user often has access to more functionality when logged in than when not logged in, e.g. to post comments on a forum, upload pictures to their profile, or complete a purchase. Hence, a comprehensive security evaluation of any web application needs to be able to test areas behind login.

Detectify authentication optionsAuthentication options in the Detectify tool

Basic auth

Basic auth is mainly used to protect whole systems from external access e.g. a development environment (click here to see an example of this). To authenticate Detectify with Basic auth, just provide the credentials for the scan profile under Settings > Authentication.

HTML forms

HTML forms are “normal logins” you see on most websites like facebook or detectify.com.

To authenticate Detectify with HTML forms, you need to record the login sequence and upload in your scan profile settings. The sequence should be recorded with our Chrome plugin that will guide you through the recording process with an easy-to-use wizard.

Happy scanning!

Do you feel that something is missing from Detectify or have a general comment? Hit us up at @detectify or hello@detectify.com. We are aiming to improve Detectify and make the Internet a safer place.