Note: this feature is available only under the Enterprise plan. More information on current plans and billing options is on our Pricing page.
This article describes the login/authorization types supported for in-depth scanning of cookies/services on pages of your website that require authentication.
Why are authenticated scans useful?
If authentication is not enabled, the Secure Privacy scanner covers only a subset of the website: the part that is accessible before the user has to authenticate. However, there may be other services/cookies/iframes/pixels that remain uncovered and can only be identified after logging in to your web application.
Supported authentication methods
Our Secure Privacy Website Scanner supports four methods for performing authenticated scans:
- Form-based authentication
- OAuth 2.0 (client credentials, resource owner password, authorization code and others)
- OpenID Connect
- API keys (custom or authorization headers)
The “Form-based authentication” option lets you run an authenticated scan using a valid pair of credentials for the target application.
You will have to provide the following details:
- The login URL of the application, which must contain the login form.
- The correct username and password
The OAuth 2.0, OpenID Connect and API key methods require more detail from your side on the specifics of the protocol and the flow of the authenticated user. Our team can work with you to understand the application setup and on any custom development, if needed.