Authenticated scans

Ostorlab supports authenticated scans of mobile applications, web applications, and backend servers. Credentials can be set at scan creation using the "Add Test Credentials" menu.

When creating a scan, in the "set scan Credentials" step, click "Add Test Credentials".

set scan Credentials --> Add Test Credentials

A menu will appear, allowing you to add multiple test credentials and parameters, such as username/password, credit card data, address, and phone number, to perform multiple tests and scenarios such as payments and checkouts.

You can add a Login & Password for a simple authentication flow that requires a username and a password.

Web App Authentication with Puppeteer script / Chrome Recorder

If you have web applications that require a more complex authentication flow, you can upload Puppeteer scripts that will be executed during the scan. These scripts can be generated using the Chrome DevTools Recorder.

For mobile applications that require authentication with a certificate, you can upload your certificate. The certificate must be in PEM format.

Upload your certificate
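Because the certificate must be in PEM format, it helps to check the file before uploading it. The following is an added example, not Ostorlab code: the function names are hypothetical, the check is structural only (PEM armor, base64, outer DER length) and does not reproduce Ostorlab's own validation, and the sample data is constructed.

```python
import base64
import re

# One PEM block: BEGIN <label>, base64 body, END <same label>.
PEM_BLOCK = re.compile(
    rb"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)\r?\n-----END \1-----", re.DOTALL)

def der_sequence_ok(der: bytes) -> bool:
    """True if der is a single ASN.1 SEQUENCE whose length field matches its size."""
    if len(der) < 2 or der[0] != 0x30:
        return False
    if der[1] < 0x80:                       # short-form length
        header, length = 2, der[1]
    else:                                   # long form: low 7 bits = count of length bytes
        n = der[1] & 0x7F
        if n == 0 or n > 4 or len(der) < 2 + n:
            return False
        header, length = 2 + n, int.from_bytes(der[2:2 + n], "big")
    return header + length == len(der)

def classify_upload(data: bytes) -> str:
    """Return 'pem-certificate', 'pem-no-certificate', 'pem-corrupt', 'der' or 'unknown'."""
    blocks = PEM_BLOCK.findall(data)
    if not blocks:
        return "der" if der_sequence_ok(data) else "unknown"
    certs = [body for label, body in blocks if label == b"CERTIFICATE"]
    if not certs:
        return "pem-no-certificate"         # e.g. the file holds only a key or a CSR
    for body in certs:
        try:
            der = base64.b64decode(b"".join(body.split()), validate=True)
        except ValueError:                  # binascii.Error is a ValueError
            return "pem-corrupt"
        if not der_sequence_ok(der):
            return "pem-corrupt"            # truncated or damaged body
    return "pem-certificate"

# Constructed sample: a 256-byte SEQUENCE of zeros, structurally DER but not a real certificate.
SAMPLE_DER = b"\x30\x82\x01\x00" + bytes(256)
SAMPLE_PEM = (b"-----BEGIN CERTIFICATE-----\n" + base64.encodebytes(SAMPLE_DER)
              + b"-----END CERTIFICATE-----\n")

if __name__ == "__main__":
    for name, blob in [("pem", SAMPLE_PEM), ("der", SAMPLE_DER)]:
        print(name, "->", classify_upload(blob))
```

A file classified as `der` can be converted with `openssl x509 -inform der -in cert.der -out cert.pem` (file names are placeholders).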

Complex authentication schemes for mobile applications

Complex authentication schemes like OTP or the random numerical pad are either automated using Appium scripts or manually performed for one-offs by an Ostorlab support member. If your application requires a custom authentication scheme, please get in touch with us by email: support@ostorlab.dev for advice.