From 18b998fd086b5116f8dcc432a1d14c9ec0ec0784 Mon Sep 17 00:00:00 2001 From: Mahmoud Adly Date: Wed, 4 Sep 2024 17:12:59 +0200 Subject: [PATCH 1/2] Add a DAST Scanner login note --- content/en/Platform Deep Dive/Scans/faq.md | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/content/en/Platform Deep Dive/Scans/faq.md b/content/en/Platform Deep Dive/Scans/faq.md index adec231e2..a2e301cb4 100644 --- a/content/en/Platform Deep Dive/Scans/faq.md +++ b/content/en/Platform Deep Dive/Scans/faq.md @@ -54,6 +54,10 @@ We don't have this feature open to customers yet. However, you can [contact us] ## Does the DAST Scanner support 2FA login? We don't have this feature open to customers yet. However, you can [contact us] if you can't work around this limitation to assist you. +## We use an external service for form-based authentication. Can the DAST Scanner handle this? +The DAST Scanner can handle this as long as you provide a login URL on the same domain as the target (e.g., `my.example.com/login`), and the crawler will follow the redirection to the external URL. +When in doubt, you can use the [sequence recorder] to record the login sequence. + ## Does the DAST Scanner support CAPTCHA? We don't support this feature yet. Here are some suggestions: - Disable CAPTCHA for the scanner's IP address. @@ -73,4 +77,5 @@ If the domains are different (e.g., example.de and example.co.uk), then they are [seed paths]: /platform-deep-dive/scans/targets/#configuring-a-target [contact us]: mailto:dast@cobalt.io [login form]: /platform-deep-dive/scans/target-auth/#using-a-login-form -[crawl report]: /platform-deep-dive/scans/#crawl-report \ No newline at end of file +[crawl report]: /platform-deep-dive/scans/#crawl-report +[sequence recorder]: /platform-deep-dive/scans/sequence-recorder From e51724bc926e4b442341527355b340ea676fee43 Mon Sep 17 00:00:00 2001 
From: Mahmoud Adly Date: Wed, 4 Sep 2024 17:21:05 +0200 Subject: [PATCH 2/2] Improve the example domain --- content/en/Platform Deep Dive/Scans/faq.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/en/Platform Deep Dive/Scans/faq.md b/content/en/Platform Deep Dive/Scans/faq.md index a2e301cb4..ae1861188 100644 --- a/content/en/Platform Deep Dive/Scans/faq.md +++ b/content/en/Platform Deep Dive/Scans/faq.md @@ -55,7 +55,7 @@ We don't have this feature open to customers yet. However, you can [contact us] We don't have this feature open to customers yet. However, you can [contact us] if you can't work around this limitation to assist you. ## We use an external service for form-based authentication. Can the DAST Scanner handle this? -The DAST Scanner can handle this as long as you provide a login URL on the same domain as the target (e.g., `my.example.com/login`), and the crawler will follow the redirection to the external URL. +The DAST Scanner can handle this as long as you provide a login URL on the same domain as the target (e.g., `my-app.example.com/login`), and the crawler will follow the redirection to the external URL. When in doubt, you can use the [sequence recorder] to record the login sequence. ## Does the DAST Scanner support CAPTCHA?
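Review bot: The new FAQ answer in the first hunk of `faq.md` (the `## We use an external service for form-based authentication` entry) leaves the scope question open: it says the crawler "will follow the redirection to the external URL", yet the same page treats different domains as separate targets (the `example.de` / `example.co.uk` context visible in the next hunk), so a reader cannot tell whether the external authentication host is only visited to complete the login step or is also crawled and scanned. Suggest stating that explicitly, and tightening the sentence so the condition and the behaviour are not joined with "and", e.g. "The DAST Scanner can handle this as long as the login URL you provide is on the same domain as the target; the crawler then follows the redirect to the external service to complete the login." Note also that `[sequence recorder]` is a reference-style link whose definition is only added in the second hunk of this file, so the two hunks must stay in the same commit.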
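Review bot: In the second hunk of `faq.md` the added `[sequence recorder]: /platform-deep-dive/scans/sequence-recorder` is the only site path in the reference list written without a trailing slash (the others follow the form `/platform-deep-dive/scans/targets/#configuring-a-target` and `/platform-deep-dive/scans/target-auth/#using-a-login-form`); for consistency, and to avoid a redirect if the site normalises trailing slashes, write it as `/platform-deep-dive/scans/sequence-recorder/` and confirm a page exists at that path before merging. Restoring the missing newline at end of file on the `[crawl report]` line is a welcome incidental fix.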
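Review bot: The only change in PATCH 2/2 is renaming the example host in a line introduced by PATCH 1/2 (`my.example.com/login` becomes `my-app.example.com/login`); since the series is still under review, squashing this fix-up into the first commit keeps the history to one self-contained change and avoids a commit whose message ("Improve the example domain") does not explain itself. If it is kept separate, the message should say why the new name is preferred, because `my.example.com` was already a valid example hostname.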