Creating a Test Suite for Scanner Login Capabilities

We received a lot of great feedback on William’s blog post titled “Automated Application Scanning: Handling Complicated Logins with AppScan and Burp Suite.” Dinis Cruz has some excellent commentary in his blog post “A Small Step for AppSec, a Large Step for Knowledge Sharing.”

Some folks wanted access to the original site in order to test their scanner’s or service’s automated login capability against it. For a variety of reasons that’s not possible, so instead I put together a couple of PHP pages that provide equivalent functionality and put them up in a GitHub project called authexamples. This specific example is in the loginplusquesion/ subdirectory, but I tried to lay out the project in such a way that other folks could contribute their tricky authentication examples to create a test bed of sorts. I kind of figured this might be of use for scanner developers as well as aspiring scanner users. We’ll see if this catches on!

What other interesting authentication schemes have folks seen that could be included?

Contact us for help getting the most out of your investment in scanning tools.


dan _at_


Posted via email from Denim Group’s Posterous

About Dan Cornell

A globally recognized application security expert, Dan Cornell holds over 15 years of experience architecting, developing and securing web-based software systems. As the Chief Technology Officer and a Principal at Denim Group, Ltd., he leads the technology team to help Fortune 500 companies and government organizations integrate security throughout the development process. He is also the original creator of ThreadFix, Denim Group's industry-leading application vulnerability management platform.

One Response to “Creating a Test Suite for Scanner Login Capabilities”

  1. Stephendv

    I posted a screencast on how to automate authentication tests and Burp scanning using the BDD-Security framework:

    The framework is based on Selenium WebDriver, so it can be configured with copy and paste from Selenium IDE.
