Login tab

Scan Configuration > Login Management > Login tab.

The Login Management view of the Scan Configuration dialog box is used to define how AppScan® logs in to your application, and how it can recognize when it gets logged out.

AppScan can automatically detect login requests and fills in the username and password parameters. If your application has a non-standard login sequence of actions, you can record these actions for AppScan to use.

Setting

Details

Select Login Method

Recorded (Recommended)

(Default method) Select this method to open the browser and record a login sequence (both HTTP requests and user actions are recorded). AppScan will use this sequence whenever it needs to login to the application.

the red Record button is used to record the sequence. For web applications, see Recording a login; for RESTful (and other) web services, see Exploring with the External Traffic Recorder

Automatic Login

Select this method to let AppScan automatically detect the login form of your application and use the username and password you supply. (This method can be less reliable than the Recorded Login method.)

Prompt

Select this method if login requires human interaction each time (such as Two-Factor Authentication, One-Time Passwords, or CAPCHA).

Note that even if you select this option, you must record a login sequence. This is to provide AppScan with an in-session page that it can later use to verify that it is logged-in. For details see Recording a login

None

Select this option if the application does not require users to log in.

Login Validation Status Indicator

Key icon

The key icon indicates the status of In-Session Detection:

the green key icon Enabled and configured. (An in-session page has been identified in login sequence, either automatically or by the user.)

the orange key icon Enabled but not fully configured.

the red key icon Enabled but not configuration failed.

the gray key icon Disabled.

See Select Detection Pattern dialog box for details.

Import or Export Login Settings

Import

When you record a login sequence it is saved as part of the scan. If you save the scan as a template, the login sequence is saved as part of the template.

To import a login sequence that was previously saved as a *.login file, click the Import button.

Export

To export the login sequence by itself, to use in future scans, click the Export button. The sequence is saved as a *.login file.