Merge pull request #537 from cobalthq/chore/FX-4560/add-dast-login-re…

…direct-note Add a DAST Scanner login note
cobalthq · Sep 5, 2024 · 362c757 · 362c757
2 parents 0d514f3 + e51724b
commit 362c757
Showing 1 changed file with 6 additions and 1 deletion.
diff --git a/content/en/Platform Deep Dive/Scans/faq.md b/content/en/Platform Deep Dive/Scans/faq.md
@@ -54,6 +54,10 @@ We don't have this feature open to customers yet. However, you can [contact us]
 ## Does the DAST Scanner support 2FA login?
 We don't have this feature open to customers yet. However, you can [contact us] if you can't work around this limitation to assist you.
 
+## We use an external service for form-based authentication. Can the DAST Scanner handle this?
+The DAST Scanner can handle this as long as you provide a login URL on the same domain as the target (e.g., `my-app.example.com/login`), and the crawler will follow the redirection to the external URL.
+When in doubt, you can use the [sequence recorder] to record the login sequence.
+
 ## Does the DAST Scanner support CAPTCHA?
 We don't support this feature yet. Here are some suggestions:
 - Disable CAPTCHA for the scanner's IP address.
@@ -73,4 +77,5 @@ If the domains are different (e.g., example.de and example.co.uk), then they are
 [seed paths]: /platform-deep-dive/scans/targets/#configuring-a-target
 [contact us]: mailto:dast@cobalt.io
 [login form]: /platform-deep-dive/scans/target-auth/#using-a-login-form
-[crawl report]: /platform-deep-dive/scans/#crawl-report
+[crawl report]: /platform-deep-dive/scans/#crawl-report
+[sequence recorder]: /platform-deep-dive/scans/sequence-recorder