
Authenticated scans

Ostorlab supports authenticated scans of mobile applications, web applications and backend servers. Credentials can be set at scan creation using the "Add Test Credentials" menu.

When creating a scan, go to the "Set Scan Credentials" step and click "Add Test Credentials".

Add Test Credentials Button Location

A menu will appear, allowing you to add multiple test credentials and parameters, such as username/password, credit card data, address, and phone number, to perform multiple tests and scenarios such as payment and checkout.

Test Credentials Configuration Menu

You can add a Login & Password for a simple authentication flow that requires a username and a password.

Login and Password Input Fields

Web App Authentication with Puppeteer script / Chrome Recorder

If you have web applications that require a more complex authentication flow, you can upload Puppeteer scripts that will be executed during the scan. These scripts can be generated using the Chrome DevTools Recorder.

Puppeteer Script Upload Interface

For mobile applications that require Authentication with a Certificate, you can upload your certificate. The certificate must be in the PEM format.

Certificate Authentication Option

Upload your certificate.

Certificate Upload Dialog
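
A local pre-upload check for the PEM requirement above, as an added example (not Ostorlab code). The function name `check_pem_upload` and the sample certificate body are constructed for illustration; the check covers the PEM armour and base64 body only, not the validity of the certificate itself.

```python
import base64
import binascii
import re

# A PEM block: BEGIN line, base64 body, END line carrying the same label.
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)\r?\n-----END \1-----", re.DOTALL
)


def check_pem_upload(data: bytes):
    """Return (labels, problems) for a file about to be uploaded as PEM."""
    try:
        text = data.decode("ascii")
    except UnicodeDecodeError:
        # Binary DER certificates and PKCS#12 bundles both start with an
        # ASN.1 SEQUENCE tag (0x30); PEM is plain ASCII text.
        hint = "looks like DER or PKCS#12" if data[:1] == b"\x30" else "unknown binary"
        return [], [f"not ASCII text ({hint}); convert to PEM before upload"]

    labels, problems = [], []
    for match in PEM_BLOCK.finditer(text):
        label, body = match.group(1), match.group(2)
        try:
            der = base64.b64decode("".join(body.split()), validate=True)
        except (binascii.Error, ValueError):
            problems.append(f"{label}: body is not valid base64")
            continue
        if not der.startswith(b"\x30"):
            problems.append(f"{label}: decoded body is not an ASN.1 SEQUENCE")
            continue
        labels.append(label)

    if "CERTIFICATE" not in labels:
        problems.append("no valid CERTIFICATE block found")
    return labels, problems


# Constructed sample: correct PEM armour around a tiny ASN.1 SEQUENCE.
# It is structurally PEM but NOT a real certificate.
SAMPLE_PEM = (
    b"-----BEGIN CERTIFICATE-----\n"
    + base64.b64encode(b"\x30\x03\x02\x01\x01")
    + b"\n-----END CERTIFICATE-----\n"
)

if __name__ == "__main__":
    print(check_pem_upload(SAMPLE_PEM))
    print(check_pem_upload(b"\x30\x82\x03\x01\x00\x00"))  # constructed DER-like bytes
```

The returned labels also show every block the file contains, so a bundle that carries more than the certificate is visible before it leaves your machine.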

Complex authentication schemes for mobile applications

Complex authentication schemes like OTP or the random numerical pad are either automated using Appium scripts or manually performed for one-offs by an Ostorlab support member. If your application requires a custom authentication scheme, please get in touch with us by email: support@ostorlab.dev for advice.