We support both form and server authentication. These types of form authentication are supported: HTML form-based authentication (standard login), custom form fields and Selenium script uploaded from your file system. These types of server authentication are supported: Basic, Digest and NTLM.
Need help with selecting an authentication type? The first step is to see what type of authentication is needed for your web application.
If you want to authenticate to a form on the web application you'll need to supply username and password credentials. Form authentication typically passes the username and password within a POST to the application framework. If the application framework is on the same domain, use the Standard Login option. If the application framework handling the authentication is on another domain, you must provide crawl access to this domain via the "Explicit URLs to Crawl" setting within your web application settings.
For more complex form authentication use the Selenium Script option. Record the authentication process in a Selenium script and upload the script to your authentication record. At scan time we'll play back the script to authenticate to the form.
For server authentication you'll need to provide server authentication credentials within a Server Record. Server authentication is handled within the HTTP headers. Selenium scripts cannot be configured to do server authentication.