By default, an AppCheck web application scan does not include brute forcing of arbitrary authentication barriers, but does include testing of weak and default credentials for CMS platform authentication barriers.
The web application scanner allows you to specify further credentials that will be used against any authentication barrier discovered in the target application:
- Web Application Scanner Settings
- Advanced Settings
- Cyber Essentials Checks
- Advanced Settings
This feature enables use of a list of credentials previously provided as part of the UK government's Cyber Essentials scheme.
- Web Application Scanner Settings
- Advanced Settings
- Username Guessing List / Password Guessing List
- Advanced Settings
This feature enables testing with a customer set of credentials.
Comments
0 comments
Article is closed for comments.