Authenticated Scan

Test behind your login page

If your web application has a page that requires authentication (login and password), the security scanners will need to authenticate before analyzing the pages that lie beyond. Gauntlet offers more than one way to allow scanners to authenticate to your web application.

Pick your Auth Method

In your Scan Profile, go to the "Authentication" tab and select the authentication method that matches your application. Gauntlet relays this configuration to the scanners, so it is up to each scanner to implement the authentication.

Authentication for ANY Scanner

On the other hand, we also offer "Script Authentication", which lets you write an arbitrary function that retrieves the header or cookie containing the session ID. You can then either relay it to the scanners or use Gauntlet Proxy, an intercepting proxy, to add the header or cookie to all requests, even if the scanner doesn't support it by default.

Staying Authenticated

Scanners should be able to verify that they are still logged in, and should also be able to identify the logout link so that they don't "click" on it. A few configuration settings need to be set up for this.
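The session handling described in the two sections above, sketched as an added example. This is not Gauntlet's script API or code from the product: the function names, the `SESSIONID` cookie name, the indicator and logout patterns, and the sample response headers are all assumptions constructed for illustration.

```python
import re
from http.cookies import SimpleCookie
from urllib.parse import urlsplit

# Constructed login response headers (sample data, not from a real application).
LOGIN_RESPONSE_HEADERS = [
    ("Content-Type", "text/html"),
    ("Set-Cookie", "lang=en; Path=/"),
    ("Set-Cookie", "SESSIONID=3f9c1a7e; Path=/; HttpOnly; Secure"),
]

# Assumed settings for a hypothetical target application.
SESSION_COOKIE_NAME = "SESSIONID"
LOGGED_IN_INDICATOR = re.compile(r'href="/logout"|Signed in as', re.I)
LOGOUT_URL_PATTERN = re.compile(r"/(logout|signout|sign-out)(/|$)", re.I)


def extract_session_cookie(headers, name=SESSION_COOKIE_NAME):
    """Return the session cookie value from Set-Cookie headers, or None."""
    for key, value in headers:
        if key.lower() != "set-cookie":
            continue
        jar = SimpleCookie()
        jar.load(value)
        if name in jar:
            return jar[name].value
    return None


def session_header(value, name=SESSION_COOKIE_NAME):
    """Header an intercepting proxy would add to every scanner request."""
    return ("Cookie", f"{name}={value}")


def is_logged_in(body):
    """True when the response body still shows the logged-in indicator."""
    return bool(LOGGED_IN_INDICATOR.search(body))


def in_scan_scope(url):
    """False for logout links, so the crawler never ends its own session."""
    return not LOGOUT_URL_PATTERN.search(urlsplit(url).path)
```

When `is_logged_in` returns false for a page that should be behind the login, the login step has to be repeated and a fresh cookie extracted before the scan continues.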

