Login Management

Configure the login method, and record the login procedure if needed.

About this task

The Login Management step of the wizard lets you select one of three methods for AppScan to use when it encounters login pages during a scan:

  • Recorded Login: (Recommended method) If you select this option, AppScan® uses a login procedure that you record, completing fields and clicking on links like a real user.

    For more details see Record login with a browser.

    If login requires human interaction each time (such as Two-Factor Authentication, One-Time Passwords, or CAPTCHA), select the Prompt option.

  • Prompt: In this case you must still record a login procedure. Although AppScan® will not attempt to log in using the procedure you record, it needs the procedure as a reference to know when it is logged out.
  • Automatic Login: If AppScan® will be able to log in to the site using a name and password only, without a special procedure, select this option and enter the Username and Password.
  • No Login: Select this option only if the application does not require logging in, or if for some other reason you do not want AppScan® to log in.

Procedure

  1. Select the radio button for the required Login method.
  2. Do one of the following:
    • For Recorded Login or Prompt, click Record or Import to set a login sequence (see Login tab for details).
    • For Automatic Login, simply type in Username and Password.
    Note: If you record a login, when you finish recording a dialog box may open asking you to confirm that the login data AppScan® extracted is correct. Fill in or correct the parameters and values as necessary, then click OK.

    If you have recorded a valid login sequence, the key icon turns from gray to green, indicating that an in-session page has been identified.

    Note: If the key icon turns red, AppScan® attempted to identify a pattern in the in-session page that it can use during scanning to verify that it has not been logged out, but was unable to find one. To remedy this, open the extra step of the wizard and provide AppScan® with an identifier manually (see next step).
  3. If you select the I want to configure In-Session Detection Options check box, an additional wizard step, Login Management Details, will open when you click Next. Select this only if you need to edit the login sequence (see note to previous step).
  4. Click Next.
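
An illustration of the in-session check described in the notes to step 2, as an added example and not AppScan's own logic: it tests whether a candidate identifier appears in every in-session sample and in no logged-out sample. The response bodies, function names and result labels are constructed for this example.

```python
import re

# Constructed sample responses, not captured from any real application.
# Two fetches of the same in-session page; the balance changes between them.
IN_SESSION_1 = """<html><body>
<div id="nav"><a href="/account">My Account</a> <a href="/logout">Sign Off</a></div>
<p>Welcome back, jsmith</p><p>Balance: $1,204.17</p>
</body></html>"""
IN_SESSION_2 = IN_SESSION_1.replace("$1,204.17", "$1,180.02")

# The same URL requested after the session has expired.
LOGGED_OUT = """<html><body>
<div id="nav"><a href="/login">Sign In</a></div>
<p>Your session has expired. Please sign in.</p>
</body></html>"""


def is_in_session(body, pattern):
    """True if the candidate identifier is found in the response body."""
    return re.search(pattern, body, re.IGNORECASE) is not None


def evaluate_pattern(pattern, in_session_bodies, logged_out_bodies):
    """Classify a candidate in-session identifier (labels are hypothetical).

    usable             - found in every in-session sample, never when logged out
    misses-session     - absent from some in-session sample, so a scanner
                         would wrongly conclude it had been logged out
    matches-logged-out - also present when logged out, so a real logout
                         would go unnoticed and later tests would run
                         unauthenticated
    invalid-regex      - the pattern does not compile
    """
    try:
        re.compile(pattern)
    except re.error:
        return "invalid-regex"
    if not all(is_in_session(b, pattern) for b in in_session_bodies):
        return "misses-session"
    if any(is_in_session(b, pattern) for b in logged_out_bodies):
        return "matches-logged-out"
    return "usable"


if __name__ == "__main__":
    samples_in, samples_out = [IN_SESSION_1, IN_SESSION_2], [LOGGED_OUT]
    for candidate in (r'href="/logout"', r"sign", r"Balance: \$1,204\.17", "("):
        print(f"{candidate!r}: {evaluate_pattern(candidate, samples_in, samples_out)}")
```

An identifier tied to static, login-only markup (here the logout link) is the kind to supply manually; values that change between requests or that also appear on the login page are not.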

What to do next

Test Policy

If you selected "I want to configure In-Session Detection Options", continue with Login Management Details.