3149 Views 8 Replies Latest reply: Mar 19, 2014 11:45 AM by WillB
pejacoby Level 1 15 posts since
Dec 9, 2010

May 31, 2012 10:23 AM

WAS Authentication 'Test' button?

I'm new to the WAS module, but I'm already frustrated by the lack of a "TEST" button for the Authentication setup.

 

It would be very valuable to be able to immediately test my entries for Form, Server, or Selenium script authentication without having to run a Discovery scan.  Having to do a scan to see if my form fields are named right or my password got typed wrong is tedious and time-consuming.

 

That said, it would also be nice if there was one screen used to list and manage the various Authentication Records.

  • Axel Level 3 149 posts since
    Jul 23, 2010
    May 31, 2012 12:30 PM (in response to pejacoby)
    WAS Authentication 'Test' button?

    Hi,

     

    We completely agree that the authentication test feature would definitely help anyone who just wants to test if credentials are correct without having to launch a scan. This is in fact something that we already have in our roadmap, but we have not been able to implement it yet due to the way our scanner appliances connect to our datacenter.

     

    I will discuss it again with our scan team to see if we can come to a working solution in the near future, but this is definitely something that we expect to have in the application.

  • Axel Level 3 149 posts since
    Jul 23, 2010
    May 31, 2012 12:46 PM (in response to pejacoby)
    Authentication Records List

    Also, concerning the list of authentication records, this would indeed be a good addition.

     

    When we first implemented support of authentication records, we expected an authentication record to be tied to a web application and it would then have been more logical to edit it from the latter. But feedback from customers leads us indeed to think that a dedicated list of authentication records would facilitate their management and we have therefore added it to our roadmap, for Q4 this year (would be in WAS UI 2.6).

      • jkent@qualys.com Level 4 435 posts since
        Jul 24, 2010
        Sep 17, 2013 12:15 PM (in response to pejacoby)
        WAS Authentication 'Test' button?

        Create a 5 link option profile and put the target URL as the login page.  This will let you cut the test down to about 3 minutes. 

         

        Check the Selenium Base, make sure it's the base URL for the target.

         

        Also, you might want to switch out "Send Keys" for "Type" command.

         

        If you can show me the URL of the site, I can take a look at it.

         

        jkent AT qualys DOT com
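
The two script checks suggested in the post above (the Selenium base URL, and "Send Keys" versus "Type") can be run locally before a scan. This is an added example, not part of the original thread and not Qualys code; it assumes the script is saved in the legacy Selenium IDE HTML format, and the sample script, host names and the `lint_script` helper are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit
# Constructed sample script; the legacy Selenium IDE HTML format is an assumption.
SAMPLE = """<html><head><link rel="selenium.base" href="https://staging.example.test/" /></head>
<body><table><thead><tr><td colspan="3">login</td></tr></thead><tbody>
<tr><td>open</td><td>/login</td><td></td></tr>
<tr><td>sendKeys</td><td>id=username</td><td>scanuser</td></tr>
<tr><td>type</td><td>id=password</td><td>PLACEHOLDER</td></tr>
<tr><td>clickAndWait</td><td>id=submit</td><td></td></tr>
</tbody></table></body></html>"""

class SeleneseParser(HTMLParser):
    """Collects the selenium.base href and each (command, target, value) row."""
    def __init__(self):
        super().__init__()
        self.base, self.rows, self._row, self._in_td = None, [], None, False

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "link" and a.get("rel") == "selenium.base":
            self.base = a.get("href")
        elif tag == "tr":
            self._row = []
        elif tag == "td" and self._row is not None:
            self._in_td = True
            self._row.append("")

    def handle_data(self, data):
        if self._in_td:
            self._row[-1] += data

    def handle_endtag(self, tag):
        if tag == "td":
            self._in_td = False
        elif tag == "tr" and self._row is not None:
            if len(self._row) == 3:  # skip the one-cell title row
                self.rows.append(tuple(c.strip() for c in self._row))
            self._row = None

def lint_script(html, target_url):
    p = SeleneseParser()
    p.feed(html)
    findings = []
    want, got = urlsplit(target_url), urlsplit(p.base or "")
    if (got.scheme, got.netloc.lower()) != (want.scheme, want.netloc.lower()):
        findings.append(f"selenium.base {p.base!r} does not match target {target_url}")
    for n, (cmd, target, _value) in enumerate(p.rows, 1):
        if cmd == "sendKeys":
            findings.append(f"step {n}: sendKeys on {target}; try type")
    return findings
```

An empty list from `lint_script` means both checks passed; it does not confirm that the login itself succeeds from the scanner.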

      • Axel Level 3 149 posts since
        Jul 23, 2010
        Sep 18, 2013 2:40 AM (in response to pejacoby)
        WAS Authentication 'Test' button?

        Hi,

         

        The authentication test functionality is indeed still under discussion. We have 2 features planned:

         

        1/ The first one will help people fill their form record by letting the user browse the site and select the login form. The application

         

        2/ The second introduces the Test button and will run a quick scan to get you the results.

         

        The second solution, the one you're interested in, is planned for 3.3. As part of it we plan to introduce a new task that would allow you to regularly check the validity of your records without having to go over them one by one (3.4).

         

         

        Also, as a side note, the authentication record list will be available in our very next release 3.1 - you will have access to both the UI section (see attached screenshot) and an API to easily manage them.

          • WillB Level 4 294 posts since
            May 2, 2011
            Mar 19, 2014 11:45 AM (in response to pejacoby)
            WAS Authentication 'Test' button?

            Thanks for staying with us on this.  While we have made some progress internally in coming up with various alternatives to address this, we have so many feature requests that we have not been able to meet all our objectives.  One of the challenges we'll continue to face even with a quicker authentication test is the fact that the scanner's access to the application may be different than using your own browser, hence I am doubtful we'll be able to solve all issues where it works well in the browser but does not work exactly the same in the appliance.  We do hope to make more improvements in logging that may provide more insight as well.  We'll continue to work on this, and appreciate you continuing to let us know this is a difficult problem for you.  I'll contact you with a private message to get more info.
