Scanning Websites with Authentication
Scanning websites that require authentication is essential for a comprehensive vulnerability assessment, because pages behind a login are otherwise not tested. SmartScanner supports two common authentication methods: HTTP Basic Authentication and Form-Based Authentication.
Understanding Authentication Methods
- HTTP Basic Authentication: This authentication method is built into HTTP and widely used on the web. Users provide their credentials directly through the browser or client application.
- Form-Based Authentication: This method presents users with a web form prompting them to enter their username and password. It’s the preferred authentication method for most websites.
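As an added example (not part of SmartScanner or its documentation), the following Python code shows one way to tell which of the two methods a target uses before choosing between the HTTP and Manual Login options: a 401 response carrying a Basic challenge indicates HTTP Basic, and a form containing a password field indicates form-based login. The host names, sample responses and function names are constructed for illustration.

```python
import re
from html.parser import HTMLParser


class PasswordFieldFinder(HTMLParser):
    """Sets .found when a password input appears inside a <form>."""

    def __init__(self):
        super().__init__()
        self.in_form = False
        self.found = False

    def handle_starttag(self, tag, attrs):
        if tag == "form":
            self.in_form = True
        elif tag == "input" and self.in_form:
            if (dict(attrs).get("type") or "").lower() == "password":
                self.found = True

    def handle_endtag(self, tag):
        if tag == "form":
            self.in_form = False


def classify_auth(url, status, headers, body):
    """Return (method, warnings); method is 'http-basic', 'form-based' or 'none-detected'."""
    warnings = []
    hdrs = {k.lower(): v for k, v in headers.items()}  # header names are case-insensitive
    challenge = hdrs.get("www-authenticate", "")
    # A server may offer several schemes in one header, e.g. "Negotiate, Basic realm=...".
    if status == 401 and re.search(r"(?:^|,)\s*basic\b", challenge, re.I):
        # Basic credentials are only Base64-encoded; TLS is what protects them.
        if not url.lower().startswith("https://"):
            warnings.append("Basic auth over plain HTTP exposes the scan credentials")
        return "http-basic", warnings
    finder = PasswordFieldFinder()
    finder.feed(body)
    return ("form-based" if finder.found else "none-detected"), warnings


# Constructed sample responses (hypothetical hosts, not captured traffic).
SAMPLES = [
    ("http://intranet.example/", 401, {"WWW-Authenticate": 'Basic realm="staff"'}, ""),
    ("https://shop.example/login", 200, {"Content-Type": "text/html"},
     '<form method="post"><input name="u"><input type="password" name="p"></form>'),
    ("https://www.example/", 200, {}, "<h1>Welcome</h1>"),
]

if __name__ == "__main__":
    for url, status, headers, body in SAMPLES:
        print(url, *classify_auth(url, status, headers, body))
```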
Configuring Authentication for Scans
Using HTTP Basic Authentication
To scan a website employing HTTP Basic authentication:
- Click on “Change Scan Config” to access the configurations page.
- Navigate to the Authentication tab.
- Choose the HTTP option and enter your username and password for authentication during the scan.
Using Form-Based Authentication
For websites utilizing form-based authentication:
- Access the configurations page by clicking on “Change Scan Config” from SmartScanner’s startup page.
- Proceed to the Authentication tab.
- Select the Manual Login option and click on the Login button.
- A window will appear, allowing you to input the address of your website and navigate to the login page.
- Authenticate yourself using the login page.
- After successfully logging in, click on OK in the popup window, return to the main page, and start the scan by entering the target URL.
Multi-Factor Authentication (MFA) Support
SmartScanner also supports multi-factor authentication (MFA) that does not require a hardware token. Use form-based authentication to incorporate MFA into your security scans.
Last updated on May 16, 2024