Comments (3)
JSON format
The next example json shows up different login configurations at once. In real world scenario only one.
So only basic
or form
in combination of either autodetect
or script
should be used.
{
"apiVersion": "1.0",
"webScan": {
"uris": [
"https://productfailure.demo.example.org"
],
"login": {
"url": "https://productfailure.demo.example.org/login",
"basic": {
"realm": "${{ .LOGIN_REALM }}",
"user": "${{ .LOGIN_USER }}",
"password": "${{ .LOGIN_PWD }}"
},
"form": {
"autodetect": {
"user": "${{ .LOGIN_USER }}",
"password": "${{ .LOGIN_PWD }}"
},
"script": [
{
"step": "username",
"selector": "#example_login_userid",
"value": "${{ .LOGIN_USER }}"
},
{
"step": "password",
"selector": "#example_login_pwd",
"value": "${{ .LOGIN_PWD }}"
},
{
"step": "input",
"selector": "#example_additional_locaion_field",
"value": "munich"
},
{
"step": "click",
"selector": "#example_login_login_button"
}
]
}
}
}
}
The example above would be suitable for our go client. The client would replace LOGIN_USER and LOGIN_PWD template variables with dedicated entries from environment. So passwords would not be inside the configuration file and are injectable at runtime (e.g. on a Jenkins Build by secret credentials)
Projects not using go client but having a direct approach would be responsible itself to ensure their secrets are not leaked: Either use a generated config file at runtime, or provide placeholders like done in go client by themselfes (e.g. a ${loginUser} ) etc.
We provide following step types:
- input
Use this to setup an input field. Needs selector and value - username
Same as input, but tagged as being credential part. SecHub will try to hide this information where
possible. Please use this for username at login. - password
Same as input, but tagged as being credential part. SecHub will try to hide this information where
possible. Please use this for password at login. - click
Use this to do a click operation. Needs only selector.
from sechub.
Netsparker
Basic authentication
REST documentation
https://your-netsparker-server/docs/index#!/Scans/Scans_New
Form authentication
REST documentation
https://your-netsparker-server/docs/index#!/Scans/Scans_New
from sechub.
Client parts will be done on another issue, so closing this isue.
from sechub.
Related Issues (20)
- SecHub action workflow HOT 3
- SecHub Client Support `.bicep` HOT 1
- Provide gradle task `buildJavaApiAll` for plugin development
- Slight improvements on getting started doc
- Update getting started doc requirements
- Add SecHub Client in getting started doc
- Rename branch `master` to `release`
- Provide test reports from PDS solution mocks in `sechub-integration-test-reports.zip `
- Make job update logic resilient on database problems
- FalsePositive location strategy problem on missing end elements
- Provide a community branch and describe it inside contributions
- [Idea] Ability to increase the severity of specific CWEs to critical
- pds-xray: release and build
- Release Xray Wrapper 1.0.0
- Systemtest for Kics
- Add Documentation for Roles
- FindSecurityBugs encounters issues with java 21 HOT 1
- Techdoc: yaml template coding convention needs update
- Typo in deployment.yaml of pds-iac
- pds-iac: prepare build+publish scripts
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from sechub.