TOC & Recently Viewed

Recently Viewed Topics

Configure Login Form Authentication

These steps describe how to check the authentication values for the Login Form authentication option in the Credentials settings for the Web App Overview and Web App Scan templates.

These steps assume that you already have a login form ready to test your credentials.

To test your authentication values:

  1. For the web application you want to scan, access the login page.

  2. Type your credentials.

    login form test page

  3. Upon successful authentication, in the browser console, locate the call that performs the authentication. In this example, the call is login.

    The Form Data section of the Headers tab displays the key/value pairs. In this example, the pairs are uname: Nessus, upass: WAS, and udomain: Tenable.io.

    login form test page console

To run a credentialed scan with login form authentication:

  1. In Tenable.io Web Application Scanning, either create a new scan, or access the scan settings for which you want to add credentials.
  2. In the scan settings, click the Credentials tab.
  3. Click Web Application Authentication.
    1. In the Authentication Method drop-down box, select Login Form.
    2. In the Login Page box, type the URL for your login form page.
    3. In the Credentials boxes, type the key/value pairs that you retrieved in step 3 of To test your authentication values.

    4. In the Regex to verify successul auth box, type the regex to match when the credentials are correct.

      Note: In many cases, the regex is text that appears on the login page (e.g., Welcome!)

    5. In the Page to verify active session box, type the URL you want to use to verify if the session is still active.
    6. In the Regex to verify active session box, type the regex to match to confirm the session is still active.
  4. Click the Save button.

Copyright 2017 - 2018 Tenable, Inc. All rights reserved. Tenable Network Security, Nessus, SecurityCenter, SecurityCenter Continuous View and Log Correlation Engine are registered trademarks of Tenable, Inc. Tenable, Tenable.io, Assure, and The Cyber Exposure Company are trademarks of Tenable, Inc. All other products or services are trademarks of their respective owners.