
Creating a Browser-Based Authentication Object

Speaker 1: Welcome to Nexploit. In this video, you will learn how to create a browser-based authentication object to use it for a scan. The purpose of an authentication object is to grant Nexploit access to the login-protected parts of your application. Browser-based form authentication is a simplified option of the form authentication method. You need to specify the fields given on a login page and the valid credentials for them. Using this data, Nexploit can fill in the browser form in the same way you would, to gain access to the protected pages automatically. By using an authentication object, you enable Nexploit to reach complete scan coverage of the target application when running a scan. You can read more information about authenticated scanning on our knowledge base. Let's get started.

For this video, we are using our benchmark application as an example. Go to the Nexploit application. On the Scans page, click My Authentications and then click New Authentication. Enter a name for your authentication object. From the authentication type dropdown list, select Browser-Based Form Authentication. In the authentication setup section, first enter the URL of the form page. In the fields below, enter the labels of the fields as they are given on the form page. In our application, these are email and password. Then provide the valid credentials. Enter the URL that is expected after successful login. If necessary, specify the maximum number of redirects to follow. For us, it's zero. In the authentication triggers section, select an indicator of an invalid authentication session. For our application, it will be HTTP response status 403.

Great. We have configured the authentication object and now we need to test it to avoid errors during a scan. For that, go to the valid session tester and, in the validation URL field, enter the URL of any other login-protected page within your application. Click Test Authentication. In the test results, we can see that the validation URL was reached successfully. This confirms that the authentication object was configured correctly. Now you can click Save. The created object is saved and can be selected when starting a new scan for this target. Thanks for watching, and happy authenticated scanning with Nexploit from all of us at NeuraLegion.


Testing variance                                              | Using Legacy DAST | Using Dev-Centric DAST
--------------------------------------------------------------|-------------------|-----------------------
% of orgs knowingly pushing vulnerable apps & APIs to prod    | 86%               | 50%
Time to remediate > Med vulns in prod                         | 280 days          | < 150 days
% of > Med vulns detected in CI, or earlier                   | < 5%              | ~55%
Dev time spent remediating vulns                              | -                 | Up to 60x faster
Happiness level of Engineering & AppSec teams                 | -                 | Significantly improved
Average cost of Data Breach (US)                              | $7.86M            | $7.86M