How to scan behind login

Most web applications have areas that are accessible to everyone and areas that are only accessible to users with an account. Examples include users logging in to an e-commerce site or a forum, as well as a protected development or pre-production environment.

A user often has access to more functionality when logged in, e.g. posting comments on a forum, uploading pictures to their profile, or completing a purchase. This is why a comprehensive security evaluation of any web application needs to be able to test areas behind a login.

You can allow Detectify to scan behind login with two common methods of authentication: Basic auth and Recorded Login. Basic auth is mainly used to protect whole systems, such as development environments, whereas Recorded Login is for HTML forms, the logins you see on most websites.
