Why Bright

Product

Resources

Blog

Upcoming Events

Webinars

AppSec Championships

Datasheets

Whitepapers

Videos

Success Stories

Docs

Bright Demo

Infographics

DAST
Guide to DAST (Dynamic Application Security Testing)

Application Security Testing
Your primer for application security testing.

Penetration Testing
We explain the concept of penetration testing.

Vulnerability Management
Comprehensive overview of vulnerability management.

DevSecOps
All the necessary knowledge to get started with DevSecOps

API Security
We take a deeper look into securing & protecting your APIs!

Unit Testing
All you need to know about keys of unit testing & best practices.

Fuzzing
We explore fuzzing and evaluate if it's the next big thing in cybersec.

Company

Free Trial Login

Resource Center > Videos

Creating a header authentication object

Speaker 1: Welcome to NexPloit. In this video, you’ll learn how to create a header authentication object and use it for a scan. The purpose of an authentication object is to grant an exploit access to the login protected parts of your web application. Header authentication is the most straightforward method of authentication used for static authentication tokens. You simply need to specify the value of the authentication token so that an exploit can access the protected pages automatically as well as notify you if the authenticated session becomes invalid during a scan. By using an authentication object, you enable the exploit to reach complete scan coverage of the target application. When running a scan, you can read more information about authenticated scanning in our docs. Let’s get started. For this video. We’re using our benchmark application as an example. Go to the next Beloit application from the left menu, Select Authentications and then click Create Authentication. Enter a name for your authentication object. From the authentication type dropdown list. Select Header authentication in the authentication setup section. First, enter the name of your authorization header. To define it in your browser. Open the dev tools. Select the network tab and sign in to your application. Now you can find the authentication token among the login response headers. Copy paste the value of the authorization header in the value field. In the authentication triggers section, select an indicator of invalid authentication session. For our application. It will be HTTP response status 401. Great. We’ve configured the authentication object and now we need to test it to avoid errors during a scan. For that, go to the valid session tester and in the validation URL field, enter the URL of any other login protected page within your application. Click test authentication. In the test results, we can see that the validation URL was reached successfully. This confirms that the authentication object was configured correctly. Now you can click create. The created object is saved and can be selected when starting a new scan for this target. Thanks for watching and happy authenticated scanning with next ploy from all of us at NeuraLegion.

Resources

Company

Legal

Blogs

Get Started