Comments (3)
JSON format
The next example json shows up different login configurations at once. In real world scenario only one.
So only basic
or form
in combination of either autodetect
or script
should be used.
{
"apiVersion": "1.0",
"webScan": {
"uris": [
"https://productfailure.demo.example.org"
],
"login": {
"url": "https://productfailure.demo.example.org/login",
"basic": {
"realm": "${{ .LOGIN_REALM }}",
"user": "${{ .LOGIN_USER }}",
"password": "${{ .LOGIN_PWD }}"
},
"form": {
"autodetect": {
"user": "${{ .LOGIN_USER }}",
"password": "${{ .LOGIN_PWD }}"
},
"script": [
{
"step": "username",
"selector": "#example_login_userid",
"value": "${{ .LOGIN_USER }}"
},
{
"step": "password",
"selector": "#example_login_pwd",
"value": "${{ .LOGIN_PWD }}"
},
{
"step": "input",
"selector": "#example_additional_locaion_field",
"value": "munich"
},
{
"step": "click",
"selector": "#example_login_login_button"
}
]
}
}
}
}
The example above would be suitable for our go client. The client would replace LOGIN_USER and LOGIN_PWD template variables with dedicated entries from environment. So passwords would not be inside the configuration file and are injectable at runtime (e.g. on a Jenkins Build by secret credentials)
Projects not using go client but having a direct approach would be responsible itself to ensure their secrets are not leaked: Either use a generated config file at runtime, or provide placeholders like done in go client by themselfes (e.g. a ${loginUser} ) etc.
We provide following step types:
- input
Use this to setup an input field. Needs selector and value - username
Same as input, but tagged as being credential part. SecHub will try to hide this information where
possible. Please use this for username at login. - password
Same as input, but tagged as being credential part. SecHub will try to hide this information where
possible. Please use this for password at login. - click
Use this to do a click operation. Needs only selector.
from sechub.
Netsparker
Basic authentication
REST documentation
https://your-netsparker-server/docs/index#!/Scans/Scans_New
Form authentication
REST documentation
https://your-netsparker-server/docs/index#!/Scans/Scans_New
from sechub.
Client parts will be done on another issue, so closing this isue.
from sechub.
Related Issues (20)
- Change log level for domain message handler registration to trace level
- Integration tests have growing test scenario failure when server restart necessary (with postgres DB) HOT 1
- pds-findsecuritybugs does not work with latest PDS
- pds-owaspzap does not work with latest PDS
- pds-scancode does not work with latest PDS
- pds-xray does not work with latest PDS
- pds-solutions: Eliminate multiply defined parameters
- Introduce SecHubMultiSpringBootTest to reduce build time
- PDS resilient consultant general use but config is checkmarx specific
- Update documentation of secret validation app
- Change default value for allowance of outdated encryption pools on running servers
- Release Server 2.0.0
- Release PDS 2.0.0
- PDS 2.x now enforces encryption env vars - update Helm charts
- Remove PDS default encryption setup
- sechub-api.sh - support new encryption status api call
- Enable "pull_request" hook in GitHub action workflow
- Remove community branch
- Secret-Validation wrapper: create release job
- OpenApi Generator return empty collection instead of null for collection types
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from sechub.