Authenticated Web Scan

This guide provides a step-by-step walkthrough on running an authenticated web scan using Ostorlab.

1. Click on the menu icon on the left

2. Navigate to the "Scanning" section in the menu

3. Click on the "New Scan" option

4. Click "Web App"

Choose the "Web App" option from the available scan types.

5. Click "Continue"

6. Specify the target URLs or domains

Specify the target URLs or domains. You can enter multiple URLs or domains by entering each on a new line.

7. Click "Continue"

8. Select the "Full Web Scan" option

9. Click "Continue"

10. Optionally configure advanced scan settings

This optional step lets you configure advanced scan settings: the QPS value (the maximum number of queries per second the scanner sends), a proxy, and a filter URL regex.

11. Click "Continue"

Click on the "Continue" button to proceed to set the scan credentials.

12. Select one or more predefined test credentials

This step allows you to select one or more predefined test credentials or add new ones. Test credentials increase the coverage of the dynamic analysis.

13. Click "Test Credentials"

You can also directly add test credentials by clicking the "Test Credentials" button.

14. Add a test credential

The supported types are:

  • Login & Password
  • Basic Authentication
  • Email
  • Credit card
  • Phone Number
  • Address
  • Certificates
  • Script: Allows you to upload a Puppeteer script. This is useful for complex authentication flows or complex interactions such as a checkout.
  • Custom credentials: For custom form fields like username, password and domain name.
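A Puppeteer login script of the kind the Script credential type accepts, added here as an example (it is not Ostorlab's own code): it logs in through a form and verifies that a session was actually established before the scan proceeds. Ostorlab's script contract (entry point, how the browser page is handed over) is assumed, as are the form selectors and the LOGIN_* environment variables.

```javascript
// Added example, not Ostorlab's own code. The entry-point contract, the form
// selectors and the LOGIN_* environment variables are assumptions; adapt them
// to the application and to what the Script upload expects.

// Drive a form login on an already-open Puppeteer `page`. Resolves to true when
// the post-login marker selector is present, false otherwise, so a failed login
// is detected instead of the scan silently running as an anonymous user.
async function login(page, { url, user, pass, marker, timeout = 15000 }) {
  await page.goto(url, { waitUntil: 'networkidle2' });
  await page.waitForSelector('input[name="username"]', { timeout });
  await page.type('input[name="username"]', user);
  await page.type('input[name="password"]', pass);
  // Start waiting for the navigation before clicking so it is not missed.
  await Promise.all([
    page.waitForNavigation({ waitUntil: 'networkidle2', timeout }),
    page.click('button[type="submit"]'),
  ]);
  // `marker` is a selector that only exists for a logged-in session,
  // e.g. a logout link; its absence means the credentials were rejected.
  return (await page.$(marker)) !== null;
}

// Credentials are read from the environment rather than written into the
// script body, so the uploaded file does not embed secrets.
async function main() {
  const puppeteer = require('puppeteer');
  const browser = await puppeteer.launch({ headless: true });
  try {
    const page = await browser.newPage();
    const ok = await login(page, {
      url: process.env.LOGIN_URL,
      user: process.env.LOGIN_USER,
      pass: process.env.LOGIN_PASS,
      marker: 'a[href*="logout"]',
    });
    if (!ok) throw new Error('login failed: post-login marker not found');
    console.log('authenticated session established');
  } finally {
    await browser.close();
  }
}

// Only run the browser when a target is configured (LOGIN_URL set).
if (process.env.LOGIN_URL) {
  main().catch((e) => { console.error(e); process.exit(1); });
}
```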

For example, to add a "Login & Password", select the "Login & Password" option from the test credentials menu.

Click 'Login & Password'

Enter the login, password, and URL

Enter the login, the password, and the URL. The test credential is added to the scan once you click Submit.

15. Click "Submit"

Click the "Submit" button to create the scan.

16. Click "Show"

The web scan will be created. You can click "Show" in the alert to go to the list of scans.

In this guide, you learned how to run an authenticated web scan using Ostorlab. The instructions covered configuring the scan settings, adding URLs and domains, and authenticating with login credentials. By following these steps, you can ensure a thorough and secure web scan for your applications.