Scanning Websites with Authentication

In many cases, you need to authenticate yourself in a website before accessing some functionalities. A security scan without authentication doesn’t yield many results on such websites because the scanner doesn’t have access to all functionalities.

SmartScanner supports two types of authentications:

• HTTP Basic Authentication
• Form-Based Authentication

The HTTP Basic is the build-in authentication method on the web.

The form-based authentication is the most used method on the web. It’s usually a web page with a nice form asking for your username and password.

Using HTTP Basic Authentication for Scan

For scanning a website that uses HTTP Basic authentication, click on change scan config to open the configurations page. Then in the Authentication tab, choose the HTTP option and enter your username and password that you want to be used for the scan.

Using Form-Based Authentication for Scan

Open the configurations page by clicking on change scan config on SmartScanner’s startup page. Then in the Authentication tab, select the Manual Login option and click on the Login button. A window pops up where you can enter the address of your website, navigate to the login page and authenticate yourself. After logging into your website, click on OK in the popup window, go back to main page and start the scan by entering the same target URL.

Multi Factor Authentication Support

SmartScanner supports multi-factor authentications that don’t require a hardware token. For using MFA, you can simply use form-based authentication.