Authentication Tester

The Authentication Tester PowerTool is a testing utility that uses the "brute-force" technique to reveal weak username-password combinations that could be used to gain access to your web application. (A brute force attack is an automated process of trial and error used to guess authentication credentials, causing a server to acknowledge an imposter as a legitimate user.)

Using brute force, a malicious user cycles through combinations until stumbling upon credentials that gain access to the authorized area. A brute force application can work from a dictionary file, or simply try every possible combination of the accepted character set (depending on the username and password formats that the site accepts). Such an attack can generate thousands, even millions, of incorrect combinations before it succeeds, and typically takes hours, weeks, or more.

Ensuring that your web application enforces the use of strong passwords can greatly reduce the feasibility of brute force attacks.
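The other side of the feasibility argument above is detection: a server that logs failed logins can spot the burst of incorrect combinations a brute force run produces. The following is an added example, not part of AppScan or this page, that runs a sliding-window failure counter over a constructed authentication log whose line format is assumed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log (hypothetical format, not AppScan output): a fast
# burst against "alice", then slow, spaced-out attempts against "bob".
SAMPLE_LOG = """\
2024-05-01T10:00:01Z LOGIN_FAIL user=alice src=203.0.113.5
2024-05-01T10:00:02Z LOGIN_FAIL user=alice src=203.0.113.5
2024-05-01T10:00:03Z LOGIN_FAIL user=alice src=203.0.113.5
2024-05-01T10:00:04Z LOGIN_FAIL user=alice src=203.0.113.5
2024-05-01T10:00:05Z LOGIN_FAIL user=alice src=203.0.113.5
2024-05-01T10:00:06Z LOGIN_OK   user=alice src=203.0.113.5
2024-05-01T10:00:07Z LOGIN_FAIL user=bob   src=198.51.100.7
2024-05-01T10:30:00Z LOGIN_FAIL user=bob   src=198.51.100.7
2024-05-01T11:00:00Z LOGIN_FAIL user=bob   src=198.51.100.7
2024-05-01T11:30:00Z LOGIN_FAIL user=bob   src=198.51.100.7
2024-05-01T12:00:00Z LOGIN_FAIL user=bob   src=198.51.100.7
"""

LINE_RE = re.compile(r"^(\S+)\s+(LOGIN_FAIL|LOGIN_OK)\s+user=(\S+)\s+src=(\S+)$")

def parse(line):
    # Returns (timestamp, result, user, src), or None for a line that does not match.
    m = LINE_RE.match(line)
    if not m:
        return None
    return (datetime.strptime(m.group(1), "%Y-%m-%dT%H:%M:%SZ"),
            m.group(2), m.group(3), m.group(4))

def detect_bruteforce(log_text, threshold=5, window_seconds=60):
    """One alert per source IP whose failed logins reach `threshold` inside a
    sliding window of `window_seconds`. Log lines are assumed to be in time order."""
    window = timedelta(seconds=window_seconds)
    recent, users, alerts = defaultdict(deque), defaultdict(set), []
    for line in log_text.splitlines():
        rec = parse(line)
        if rec is None or rec[1] != "LOGIN_FAIL":
            continue                      # successes and noise do not count
        ts, _, user, src = rec
        q = recent[src]
        q.append(ts)
        users[src].add(user)              # which accounts this source is probing
        while ts - q[0] > window:         # drop failures older than the window
            q.popleft()
        if len(q) >= threshold and not any(a["src"] == src for a in alerts):
            alerts.append({"src": src, "at": ts.isoformat(),
                           "failures": len(q), "users": sorted(users[src])})
    return alerts
```

With the defaults only the burst against "alice" is reported; the attempts against "bob", spaced 30 minutes apart, never reach five failures within 60 seconds, which is why a short window alone misses the slow, hours-or-weeks attacks the text describes, and why a longer window (or a lifetime count per source and account) should run alongside it.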

  • You can run Authentication Tester from AppScan by clicking Tools > PowerTools > Authentication Tester
  • You can run Authentication Tester on its own from the Windows Start menu by clicking All Programs > [AppScan Standard installation folder] > PowerTools > Authentication Tester