Authentication Points report

This report shows you where the authentication points (the applications that validate a user's credentials) are located on your website. It provides a summary of the authentication points found, including a total for all the types found, and the number of each authentication type found.

Why it matters

Most websites have one authentication point as a central front door to the site. Many also have back doors to additional functionality such as administrative tools. Because an authentication point corresponds to an application, understanding where they are located helps you isolate critical security applications.

How authentication points are triggered

The report uses pages as pointers to the applications. All authentication points are summarized by the type found. The following authentication techniques are used to discover authentication points on a site:

  • Forms
  • HTTP basic
  • HTTP digest
  • NTLM (NT LAN Manager)
  • Negotiate
  • Kerberos
Note: One authentication point might use several of these techniques, and will display in the reports for each technique used. Authentication Points using certificate-based authentication cannot be found.