Web App Authentication

Selenium

  1. Click Scans > New Scan > Web Application > Web App Scan or Web App Overview.
  2. Click the Credentials tab.
  3. In the Add Credentials section, click Web Application Authentication.
  4. From the Authentication Method drop-down, select Selenium Authentication.

  5. Click Add file and select the .side file created in step 7.
  6. In the Page to verify active session field, type the URL that Tenable.io can continually access to ensure the authenticated session is still valid.

    Tip: Tenable recommends including "My Account" or "My Preferences" as part of the URL for the Page to verify active session field as shown in the screenshot above.

  7. In the Regex to verify active session field, type a word, phrase, or regular expression that appears on the page specified in the Page to verify active session field. Choose a phrase that appears only while the authenticated session is still valid.

Login Form

  1. Click Scans > New Scan > Web Application > Web App Scan or Web App Overview.
  2. Click the Credentials tab.
  3. In the Add Credentials section, click Web Application Authentication.
  4. From the Authentication Method drop-down, select Login Form.

  5. In the Login Page field, type the URL of the login page for which you wish to attempt authentication.
  6. In the Credentials section, specify the form field names in the example: username and example: password fields, and type their respective values in the corresponding fields to the right.

    Tip: When performing an uncredentialed Web App Overview, plugin 98033 (Login Form Detected) may automatically detect the necessary form field names to type in the example: username and example: password fields of the credentials area.

  7. In the Regex to verify successful auth field, type a word, phrase, or regular expression that indicates the login was successful.
  8. In the Page to verify active session field, type the URL that Tenable.io can continually access to ensure the authenticated session is still valid.

    Tip: Tenable recommends including "My Account" or "My Preferences" as part of the URL for the Page to verify active session field as shown in the screenshot above.

  9. In the Regex to verify active session field, type a word, phrase, or regular expression that appears on the page specified in the Page to verify active session field. Choose a phrase that appears only while the authenticated session is still valid.
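
For both the Selenium and Login Form procedures, a candidate value for the Regex to verify active session field can be checked offline against one authenticated and one logged-out copy of the verification page before the scan is saved. The following is an added example, not Tenable code: the HTML bodies and function names are constructed, and it assumes the pattern is searched anywhere in the response body using Python's re syntax, which may differ from the scanner's regex engine.

```python
import re

# Constructed sample response bodies for the "Page to verify active session" URL.
AUTHENTICATED_BODY = """<html><body>
<nav><a href="/account">My Account</a> <a href="/logout">Sign out</a></nav>
<h1>Welcome back, scanuser</h1>
</body></html>"""

LOGGED_OUT_BODY = """<html><body>
<nav><a href="/login">Sign in</a></nav>
<h1>Please sign in to view My Account</h1>
<form action="/login" method="post"></form>
</body></html>"""


def classify_pattern(pattern, authenticated_body, logged_out_body):
    """Classify a candidate session-check pattern.

    "usable"        - found only in the authenticated body
    "ambiguous"     - also found in the logged-out body, so an expired
                      session would still look valid
    "never-matches" - not found in the authenticated body (case matters)
    "invalid-regex" - the pattern does not compile
    """
    try:
        rx = re.compile(pattern)
    except re.error:
        return "invalid-regex"
    if rx.search(authenticated_body) is None:
        return "never-matches"
    if rx.search(logged_out_body) is not None:
        return "ambiguous"
    return "usable"


def review_candidates(patterns, authenticated_body=AUTHENTICATED_BODY,
                      logged_out_body=LOGGED_OUT_BODY):
    """Return {pattern: verdict} for every candidate pattern."""
    return {p: classify_pattern(p, authenticated_body, logged_out_body)
            for p in patterns}


if __name__ == "__main__":
    candidates = ["My Account", "Sign out", r"Welcome back, \w+",
                  "Log ?out", "Welcome back, ("]
    for pattern, verdict in review_candidates(candidates).items():
        print(f"{pattern!r:24} {verdict}")
```

A pattern that comes back ambiguous would let an expired session pass the check, so the scan could continue unauthenticated and miss pages behind the login.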

Copyright 2017 - 2018 Tenable, Inc. All rights reserved. Tenable Network Security, Nessus, SecurityCenter, SecurityCenter Continuous View and Log Correlation Engine are registered trademarks of Tenable, Inc. Tenable, Tenable.io, Assure, and The Cyber Exposure Company are trademarks of Tenable, Inc. All other products or services are trademarks of their respective owners.