Our Chrome extension is mainly used to create Recorded Login files. However, the same extension can also be used to record user flows to be covered by Recorded Crawling.
What is the difference between Recorded Login and Recorded Crawling?
Recorded Login is used to gain an authenticated state at the beginning of Application Scans so that we can scan your application behind your login page. The Recorded Login also extracts state information that lets us stay logged in throughout the scan.
If you wish to scan your site behind login, the Recorded Login file should be uploaded in your Authentication Settings.
Recorded Crawling is used to let Application Scanning re-play important user flows. You can record a flow where you fill in a form on your site that would otherwise be too complex for any crawling algorithm or form filling method to achieve. All unique HTTP requests that are triggered while running the recording in your scans will be saved for security testing.
How do I record a Recorded Crawling flow when the actions I want to perform are behind login?
To run Recorded Crawling in a logged-in state, you need to make sure that your scan has the appropriate settings for scanning behind login. Once that is done, you can record your Recorded Crawling files.
If you use both Recorded Login and Recorded Crawling, Application Scanning will first re-play the Recorded Login flow and then your Recorded Crawling(s). That means that when we re-play your Recorded Crawling flows, we are already in the logged-in state. When you record your Recorded Crawling, you therefore need to start from the state your Recorded Login results in, which most commonly is the page you land on right after login.
If you have multiple Recorded Crawling files, they will be re-played in the same order that they were uploaded to Detectify.
How do I upload Recorded Crawling flows to my account?
The Recorded Crawling files can be uploaded in your Scan Settings.
You can upload multiple Recorded Crawling files to your Scan Settings.
How do I validate whether the Recorded Crawling flow was successful?
Currently, we do not offer a validation feature for Recorded Crawling flows as we do for Recorded Login.
However, once you run a scan, you can check whether your Recorded Crawling recordings were successful by looking for the “Recorded Crawling Succeeded” or “Recorded Crawling Failed” informational findings in your report.