Recording a login sequence

Recording a login sequence lets you teach the scan the procedure for logging in to your site: which links to click, which text to enter in forms, and the order in which to do them.

About this task

Here's how the recorded login sequence works.

  1. The recorded login sequence is started.
  2. The scan job logs in to the site, and as pages are loaded by the recorded sequence, their content and headers might be checked for links and analyzed for issues.
  3. When the login sequence is finished, the content scan takes over and begins analyzing or testing the pages included in its list of Starting URLs.

Any pages found by the login sequence will be included in the list of URLs analyzed or tested by the scan job. For example, logging in to the page www.example.com/portal/login.asp leads to support.example.com/home.asp. The URL support.example.com/home.asp will be included in the list so that the content in the new domain can be traversed and analyzed after the recorded login sequence logs in to it.

Procedure

  1. Go to the Login Management page of the relevant content scan job and select the Recorded option.
  2. Click Record Login.
    Note: You can also import a previously recorded login sequence. Recording or importing a login sequence will discard the current login sequence, if one exists.
  3. On the Record Login Sequence page, click Record Login. The recording browser will open at the job's first Starting URL.
    Note: If necessary, you can record the procedure in stages, by clicking Stop on the browser toolbar, browsing to another location, and clicking Record to resume recording. When you are finished, close the browser.
  4. Navigate to your login page and perform the login procedure, entering data in forms and clicking on links as necessary.
    Note: Passwords are shown in clear text. For security reasons, use a test user account, not your real user account.
  5. When you are successfully logged into the site, click Stop in the recording browser, and close the browser window.
  6. Click Done on the Record Login Sequence page to return to the Login Sequence Details page, where you can remove any URLs or domains that are not required.
  7. (Optional) Check the values of the parameters that were recorded to verify that the correct cookies, parameters, and session IDs are being sent during the scan: select the URL and click the View HTTP Request icon. If the values are not correct or some values are missing, you can delete the link for the specific URL or delete the entire sequence and record it again until the correct values are sent. Missing values often occur if you missed a step in the login process during recording.
  8. Click Save when you have finished editing the page.
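
The check described in step 7 can also be run over request text copied out of the View HTTP Request display. The following is an added example, not product code: it assumes the copied text is a standard raw HTTP/1.1 request, and the sample requests, parameter names (`user`, `password`) and cookie name (`ASPSESSIONID`) are constructed for illustration.

```python
from http.cookies import SimpleCookie
from urllib.parse import parse_qs, urlsplit

# Constructed sample: raw requests as they might be copied out of a request
# viewer. Hosts, paths, parameter and cookie names are assumptions.
RECORDED = [
    "GET /portal/login.asp HTTP/1.1\r\nHost: www.example.com\r\n\r\n",
    "POST /portal/login.asp HTTP/1.1\r\nHost: www.example.com\r\n"
    "Content-Type: application/x-www-form-urlencoded\r\n"
    "Cookie: ASPSESSIONID=abc123\r\n\r\nuser=scan_test&password=",
    "GET /portal/menu.asp HTTP/1.1\r\nHost: www.example.com\r\n\r\n",
    "GET /home.asp HTTP/1.1\r\nHost: support.example.com\r\n\r\n",
]

def parse_request(raw):
    """Split one raw HTTP/1.1 request into method, host, path, cookies, params."""
    head, _, body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    method, target, _version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    cookies = {k: m.value for k, m in SimpleCookie(headers.get("cookie", "")).items()}
    params = parse_qs(urlsplit(target).query, keep_blank_values=True)
    if "application/x-www-form-urlencoded" in headers.get("content-type", ""):
        for key, values in parse_qs(body, keep_blank_values=True).items():
            params.setdefault(key, []).extend(values)
    return {"method": method, "host": headers.get("host", ""),
            "path": urlsplit(target).path, "cookies": cookies, "params": params}

def check_sequence(raw_requests, login_path, required_params, session_cookie):
    """Return (request number, problem) pairs for the recorded sequence."""
    findings, login_host = [], None
    for number, raw in enumerate(raw_requests, 1):
        req = parse_request(raw)
        if req["method"] == "POST" and req["path"] == login_path:
            login_host = req["host"]
            for name in required_params:
                if not any(req["params"].get(name, [])):  # absent or blank
                    findings.append((number, f"login parameter '{name}' missing or empty"))
        elif login_host and req["host"] == login_host and session_cookie not in req["cookies"]:
            # Only same-host requests are checked: a host-only cookie is not sent elsewhere.
            findings.append((number, f"cookie '{session_cookie}' not sent after login"))
    return findings

if __name__ == "__main__":
    for number, problem in check_sequence(RECORDED, "/portal/login.asp",
                                          ["user", "password"], "ASPSESSIONID"):
        print(f"request {number}: {problem}")
```

A blank login parameter or a post-login request without the session cookie points to a step missed during recording, which is the case where the sequence should be recorded again.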

What to do next

Identifying in-session pages