Web App Authentication

Selenium

These steps describe how to configure the Selenium Authentication option in the Credentials settings of the Web App Overview and Web App Scan templates, using a Selenium script (.side file) you have already recorded.

Tip: For information about Selenium scripts you can use with WAS, see Web Application Scanning Selenium Commands.

Before you begin:

To use Selenium authentication:

  1. Click Scans > New Scan > Web Application > Web App Scan or Web App Overview.
  2. Click the Credentials tab.
  3. In the Add Credentials section, click Web Application Authentication.
  4. From the Authentication Method drop-down box, select Selenium Authentication.

  5. Optionally, click Click here to open Chrome Extension to use the Web App Scanning Google Chrome extension. See Web Application Scanning Chrome Extension for more information.
  6. Click Add file and select the .side file created in step 7.
  7. In the Page to verify active session text box, type the URL that Tenable.io can continually access to ensure the authenticated session is still valid.

    Tip: Tenable recommends including "My Account" or "My Preferences" as part of the URL for the Page to verify active session text box.

  8. In the Regex to verify active session text box, type a word, phrase, or regular expression that appears on the page specified in the Page to verify active session text box. This phrase only appears if the authenticated session is still valid.

Login Form

To use Login Form authentication:

  1. Click Scans > New Scan > Web Application > Web App Scan or Web App Overview.
  2. Click the Credentials tab.
  3. In the Add Credentials section, click Web Application Authentication.
  4. From the Authentication Method drop-down box, select Login Form.

  5. In the Login Page text box, type the URL of the login page for which you wish to attempt authentication.
  6. In the Credentials section, type the form field names in the text boxes labeled example: username and example: password, and type their respective values in the corresponding text boxes to the right.

    Tip: When performing an uncredentialed Web App Overview, plugin 98033 (Login Form Detected) may automatically detect the necessary form field names to type in the example: username and example: password text boxes of the credentials area.

  7. In the Regex to verify successful auth text box, type a word, phrase, or regular expression that indicates the login was successful.
  8. In the Page to verify active session text box, type the URL that Tenable.io can continually access to ensure the authenticated session is still valid.

    Tip: Tenable recommends including "My Account" or "My Preferences" as part of the URL for the Page to verify active session text box.

  9. In the Regex to verify active session text box, type a word, phrase, or regular expression that appears on the page specified in the Page to verify active session text box. This phrase only appears if the authenticated session is still valid.
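Both procedures rely on a regular expression matched against the page returned by the verification URL (Selenium step 8, and Login Form steps 7 and 9). The following Python example is added here and is not part of the Tenable documentation; it uses constructed sample pages to show why the pattern must be one that appears only while the session is authenticated, and it assumes the scanner applies the regex as a plain search over the response body.

```python
import re

# Constructed sample responses (not captured from any real application).
# What the "Page to verify active session" URL returns while logged in.
ACCOUNT_PAGE_HTML = """<html><body>
<h1>My Account</h1>
<p>Signed in as alice</p>
<a href="/logout">Log out</a>
</body></html>"""

# What the same URL returns once the session has expired: the login form.
LOGIN_PAGE_HTML = """<html><body>
<h1>Sign in</h1>
<form action="/login" method="post">
  <input name="username"><input name="password" type="password">
</form>
<a href="/register">Create Account</a>
</body></html>"""


def session_valid(page_html: str, verify_regex: str) -> bool:
    """Assumed model of the 'Regex to verify active session' check:
    the session counts as valid only if the pattern is found in the page."""
    return re.search(verify_regex, page_html) is not None


def regex_is_discriminating(verify_regex: str, authed_html: str, unauthed_html: str) -> bool:
    """A usable verification regex must match the authenticated page and
    must NOT match the page served after logout; otherwise the scanner
    keeps crawling as 'logged in' after it has actually been logged out."""
    return session_valid(authed_html, verify_regex) and not session_valid(unauthed_html, verify_regex)


if __name__ == "__main__":
    # "Account" is too loose: it also matches the "Create Account" link on the login page.
    for pattern in (r"Account", r"Signed in as", r"Log out"):
        print(f"{pattern!r} discriminating:",
              regex_is_discriminating(pattern, ACCOUNT_PAGE_HTML, LOGIN_PAGE_HTML))
```

Checking a candidate pattern against both a logged-in and a logged-out copy of the verification page before saving the credentials avoids scans that silently run unauthenticated.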

Copyright © 2019 Tenable, Inc. All rights reserved. Tenable, Tenable.io, Tenable Network Security, Nessus, SecurityCenter, SecurityCenter Continuous View and Log Correlation Engine are registered trademarks of Tenable, Inc. Tenable.sc, Lumin, Assure, and the Cyber Exposure Company are trademarks of Tenable, Inc. All other products or services are trademarks of their respective owners.