Most web applications have areas that can be accessed by everyone and areas that are only accessible to users with an account. Examples include users logging in to an e-commerce site or a forum, as well as a protected development or pre-production environment.
A user often has access to more functionality when logged in, e.g. posting comments on a forum, uploading pictures to their profile, or completing a purchase. This is why a comprehensive security evaluation of any web application needs to be able to test areas behind a login.
You can allow Detectify to scan behind login with two common methods of authentication: Basic auth and HTML forms. Basic auth is mainly used to protect whole systems, such as development environments, whereas HTML forms are logins you see on most websites.
See this video on authentication:
- BETA: Scan behind login with HTML forms
- Scan behind login with Basic auth
- Scan behind login with a session cookie