Skip to main content

Configure authentication methods for web application scans

Veracode can use several authentication methods to scan your web applications. You can configure the following authentication methods in the Veracode Platform to provide access to Veracode to scan your web applications.

Configure login scripts

Use login script authentication if your application uses a customized or multi-step login form. You can record and upload a login sequence that Veracode uses to automatically log in to your application. This method is best for multi-step login sequences that include one or more authentication factors, such as username, password, or PIN. You can also combine login script authentication with basic authentication methods.

note

If you do not use Selenium IDE to record your script, it might not work as expected.

To complete this task:

  1. Record your login sequence script with Selenium IDE using supported Selenium commands. Save the JSON script in the .side file format, which is the standard format used by Selenium IDE.
  2. To upload the file, sign in to the Veracode Platform.
  3. Select Scans and Analysis > DAST Essentials.
  4. Locate the web application you want to configure. In the Actions column, select Configure.
  5. Select the Authentication tab.
  6. In the Enterprise mode authentication settings section, for Log in script, upload the file. Veracode supports both HTML and SIDE file formats, but recommends using SIDE for test suites and multi-step sequences. You can also provide a logout script if it is necessary.

Download a login script

If you use login script authentication and have uploaded a login script, you can download it to verify its information.

To complete this task:

  1. Sign in to the Veracode Platform.
  2. Select Scans and Analysis > DAST Essentials.
  3. Locate the web application from which you want to download the login script. In the Actions column, select Configure.
  4. Select the Authentication tab.
  5. In the Enterprise mode authentication settings section, from Log in script, download the file.

You can watch this video tutorial to learn how to create login scripts using Selenium IDE.

Use form-based login with a login script to create an authenticated DAST essentials analysis with the REST API.

Configure scanner variables

You configure scanner variables in the Veracode Platform to define information that you can reference in your login scripts for web application scans.

Configure client certificates

Add client certificate if your application requires a certificate for its login.

To complete this task:

  1. Sign in to the Veracode Platform.
  2. Select Scans and Analysis > DAST Essentials.
  3. Locate the web application you want to configure. In the Actions column, select Configure.
  4. Select the Authentication tab.
  5. In the Enterprise mode authentication settings section, under Client Certificate, drag the file from your File Explorer into the Certification field in the browser window. Alternatively, you can browse to and select the certificate file manually. Ensure the file is in PKCS#12 format, typically with a .pfx or .p12 extension.
  6. For Password, enter the certificate password to decrypt the private key in the .p12 file.
Last updated on