WAS Scan Web Application Authentication
In a web application scan, you can configure one of the following types of Web Application Authentication credentials:
- Login Form Authentication
- Cookie Authentication
- Selenium Authentication
- API Key Authentication
- Bearer Authentication
Login Form Authentication

Option | Action |
---|---|
Authentication Method | In the drop-down box, select Login Form. |
Login Page | Type the URL of the login page for the web application you want to scan. |
Credentials | Do the following: |
Pattern to Verify Successful Auth | Type a word, phrase, or regular expression that appears on the website only if the authentication is successful (for example, Welcome, your username!). Note that leading slashes will be escaped and .* is not required at the beginning or end of the pattern. |
Page to Verify Active Session | Type the URL that Tenable.io Web Application Scanning can continually access to validate the authenticated session. |
Pattern to Verify Active Session | Type a word, phrase, or regular expression that appears on the website only if the session is still active (for example, Hello, your username.). Note that leading slashes will be escaped and .* is not required at the beginning or end of the pattern. |

Tip: If you perform an uncredentialed Overview scan, plugin 98033 (Login Form Detected) may automatically detect and display the required login boxes in the plugin output.
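The two verification patterns above are searched for anywhere in the response, so a pattern that also appears on the login page (a generic "Welcome" banner, for instance) will make the scanner believe it is authenticated when it is not, and the rest of the scan runs unauthenticated without any error. The following added example (not Tenable's code; the two HTML pages and the `normalize_pattern` helper are constructed here to reproduce the documented behaviour, namely that a leading slash is escaped and that no `.*` is needed) shows how to check a candidate pattern against both an unauthenticated and an authenticated page before committing it to the scan configuration.

```python
import re

# Constructed sample responses (not from any real application): the page the
# scanner sees when it is NOT authenticated, and the page it sees after a
# successful login. Note that both pages contain the word "Welcome".
LOGIN_PAGE = """<html><body>
<h1>Welcome to Example Corp</h1>
<form action="/login" method="post">
  <input name="username"><input name="password" type="password">
</form></body></html>"""

DASHBOARD_PAGE = """<html><body>
<h1>Welcome, alice!</h1>
<a href="/logout">Log out</a>
</body></html>"""


def normalize_pattern(pattern: str) -> str:
    """Reproduce the documented handling of a verification pattern (assumption:
    this mirrors the description in the table, not Tenable's implementation).
    A leading slash is escaped; nothing else is added because the pattern is
    searched for anywhere in the response rather than matched against the
    whole body, which is why .* is not required at either end."""
    if pattern.startswith("/"):
        pattern = "\\" + pattern
    return pattern


def session_is_active(body: str, pattern: str) -> bool:
    """True if the (normalized) pattern occurs anywhere in the response body."""
    return re.search(normalize_pattern(pattern), body) is not None


def evaluate_pattern(pattern: str) -> dict:
    """Check a candidate pattern against both pages. A usable pattern must
    match the authenticated page and must NOT match the unauthenticated one."""
    return {
        "matches_authenticated": session_is_active(DASHBOARD_PAGE, pattern),
        "matches_unauthenticated": session_is_active(LOGIN_PAGE, pattern),
    }


def pattern_is_safe(pattern: str) -> bool:
    """A pattern is safe to use as 'Pattern to Verify Active Session' only if
    it can never be satisfied by the logged-out version of the site."""
    result = evaluate_pattern(pattern)
    return result["matches_authenticated"] and not result["matches_unauthenticated"]


if __name__ == "__main__":
    candidates = ["Welcome", r"Welcome, \w+!", "/logout", r'href="/logout"']
    for candidate in candidates:
        print(f"{candidate!r:22} safe={pattern_is_safe(candidate)} {evaluate_pattern(candidate)}")
```

Running it shows that `Welcome` is rejected because the login page also contains it, while `Welcome, \w+!` and `/logout` are accepted because only the authenticated page satisfies them. The same check applies to "Pattern to Verify Successful Auth": prefer a string that exists only for a logged-in user (a username, a logout link) over a generic greeting.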
Cookie Authentication

Option | Action |
---|---|
Authentication Method | In the drop-down box, select Cookie Authentication. |
Session Cookies | Do the following: |
Page to Verify Active Session | Type the URL that Tenable.io Web Application Scanning can continually access to validate the authenticated session. |
Pattern to Verify Active Session | Type a word, phrase, or regular expression that appears on the website only if the session is still active (for example, Hello, your username.). Note that leading slashes will be escaped and .* is not required at the beginning or end of the pattern. |
Selenium Authentication

Option | Action |
---|---|
Authentication Method | Select Selenium Authentication. |
Selenium Script (.side) | Do the following: |
Page to Verify Active Session | Type the URL that Tenable.io Web Application Scanning can continually access to validate the authenticated session. |
Pattern to Verify Active Session | Type a word, phrase, or regular expression that appears on the website only if the session is still active (for example, Hello, your username.). Note that leading slashes will be escaped and .* is not required at the beginning or end of the pattern. |
API Key Authentication

Option | Action |
---|---|
Authentication Method | Select API Key. |
Headers | Do the following: |
Page to Verify Active Session | Type the URL that Tenable.io Web Application Scanning can continually access to validate the authenticated session. |
Pattern to Verify Active Session | Type a word, phrase, or regular expression that appears on the website only if the session is still active (for example, Hello, your username.). Note that leading slashes will be escaped and .* is not required at the beginning or end of the pattern. |
Bearer Authentication

Option | Action |
---|---|
Authentication Method | Select Bearer Authentication. |
Bearer Token | Type the value of the bearer token. |
Page to Verify Active Session | Type the URL that Tenable.io Web Application Scanning can continually access to validate the authenticated session. |
Pattern to Verify Active Session | Type a word, phrase, or regular expression that appears on the website only if the session is still active (for example, Hello, your username.). Note that leading slashes will be escaped and .* is not required at the beginning or end of the pattern. |
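Cookie, API Key and Bearer authentication differ from Login Form and Selenium authentication in that the scanner is handed a static credential rather than a procedure for obtaining one, so the "Page to Verify Active Session" check is the only signal that the credential has expired or been revoked. The following added example (not Tenable's code) shows how each of the three credential types ends up on the wire and emulates the verification request against a constructed application. The `config` dictionary shapes, the `X-API-Key` header name, the `/account` verify page and all credential values are assumptions made for the example.

```python
import re

# Constructed credential values accepted by the fake application below;
# they are not real secrets and the application is not a real product.
VALID_SESSION = "s3cr3t-session"
VALID_API_KEY = "k-0123456789"
VALID_BEARER = "tok-example"


def build_auth_headers(method: str, config: dict) -> dict:
    """Translate one credential configuration into the request headers that
    must accompany every scan request. Assumed config shapes (illustrative,
    not Tenable's internal representation):
      cookie  -> {"cookies": {cookie_name: value, ...}}
      api_key -> {"headers": {header_name: value, ...}}
      bearer  -> {"token": "..."}"""
    if method == "cookie":
        # Session cookies travel in a single Cookie header as "name=value"
        # pairs separated by "; " (RFC 6265 request syntax).
        return {"Cookie": "; ".join(f"{k}={v}" for k, v in config["cookies"].items())}
    if method == "api_key":
        # API Key authentication is simply one or more headers sent verbatim.
        return dict(config["headers"])
    if method == "bearer":
        # Bearer authentication uses the RFC 6750 Authorization header.
        return {"Authorization": f"Bearer {config['token']}"}
    raise ValueError(f"unknown authentication method: {method}")


def fake_app(path: str, headers: dict) -> tuple:
    """Minimal stand-in for the target application (constructed). It serves the
    account page only when a valid credential of any kind is present and
    otherwise returns the login page with HTTP 200, which is exactly why a
    status code alone cannot tell the scanner whether it is still logged in."""
    cookies = {}
    for part in headers.get("Cookie", "").split(";"):
        if "=" in part:
            name, value = part.strip().split("=", 1)
            cookies[name] = value
    authenticated = (
        cookies.get("SESSIONID") == VALID_SESSION
        or headers.get("X-API-Key") == VALID_API_KEY
        or headers.get("Authorization") == f"Bearer {VALID_BEARER}"
    )
    if path == "/account" and authenticated:
        return 200, '<h1>Hello, alice.</h1><a href="/logout">Log out</a>'
    return 200, '<h1>Welcome to Example Corp</h1><form action="/login">...</form>'


def verify_active_session(method: str, config: dict,
                          verify_page: str = "/account",
                          verify_pattern: str = r"Hello, \w+\.") -> bool:
    """Emulate the 'Page to Verify Active Session' check: request the page with
    the configured credential attached and search the body for the pattern.
    False means the credential is no longer accepted by the application."""
    status, body = fake_app(verify_page, build_auth_headers(method, config))
    return status == 200 and re.search(verify_pattern, body) is not None


if __name__ == "__main__":
    scenarios = [
        ("cookie, valid", "cookie", {"cookies": {"SESSIONID": VALID_SESSION}}),
        ("cookie, expired", "cookie", {"cookies": {"SESSIONID": "stale"}}),
        ("api key", "api_key", {"headers": {"X-API-Key": VALID_API_KEY}}),
        ("bearer", "bearer", {"token": VALID_BEARER}),
    ]
    for label, method, config in scenarios:
        print(f"{label:16} headers={build_auth_headers(method, config)} "
              f"active={verify_active_session(method, config)}")
```

The expired-cookie scenario returns False even though the application answered with HTTP 200, and a weak verify pattern such as `Welcome` would have turned that failure into a false positive because the login page contains it too. Because none of these three methods gives the scanner a way to obtain a fresh credential, rotate the cookie, key or token before starting a long scan and choose a verify page whose authenticated content cannot be mistaken for the logged-out version.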