Comments (3)
JSON format
The next example json shows up different login configurations at once. In real world scenario only one.
So only basic
or form
in combination of either autodetect
or script
should be used.
{
"apiVersion": "1.0",
"webScan": {
"uris": [
"https://productfailure.demo.example.org"
],
"login": {
"url": "https://productfailure.demo.example.org/login",
"basic": {
"realm": "${{ .LOGIN_REALM }}",
"user": "${{ .LOGIN_USER }}",
"password": "${{ .LOGIN_PWD }}"
},
"form": {
"autodetect": {
"user": "${{ .LOGIN_USER }}",
"password": "${{ .LOGIN_PWD }}"
},
"script": [
{
"step": "username",
"selector": "#example_login_userid",
"value": "${{ .LOGIN_USER }}"
},
{
"step": "password",
"selector": "#example_login_pwd",
"value": "${{ .LOGIN_PWD }}"
},
{
"step": "input",
"selector": "#example_additional_locaion_field",
"value": "munich"
},
{
"step": "click",
"selector": "#example_login_login_button"
}
]
}
}
}
}
The example above would be suitable for our go client. The client would replace LOGIN_USER and LOGIN_PWD template variables with dedicated entries from environment. So passwords would not be inside the configuration file and are injectable at runtime (e.g. on a Jenkins Build by secret credentials)
Projects not using go client but having a direct approach would be responsible itself to ensure their secrets are not leaked: Either use a generated config file at runtime, or provide placeholders like done in go client by themselfes (e.g. a ${loginUser} ) etc.
We provide following step types:
- input
Use this to setup an input field. Needs selector and value - username
Same as input, but tagged as being credential part. SecHub will try to hide this information where
possible. Please use this for username at login. - password
Same as input, but tagged as being credential part. SecHub will try to hide this information where
possible. Please use this for password at login. - click
Use this to do a click operation. Needs only selector.
from sechub.
Netsparker
Basic authentication
REST documentation
https://your-netsparker-server/docs/index#!/Scans/Scans_New
Form authentication
REST documentation
https://your-netsparker-server/docs/index#!/Scans/Scans_New
from sechub.
Client parts will be done on another issue, so closing this isue.
from sechub.
Related Issues (20)
- Enlarge project_id database varchar field
- SarifImporter in Sereco shall handle version control data in run and gitleaks revision information
- Fix thymeleaf warnings
- Release Server 1.9.0
- Release Client 1.5.0
- Release PDS 1.6.0
- SecHub gh-action: Default to client v1.5.0
- Add false positive limit to documentation HOT 1
- Improve user message coming from pds-gitleaks
- Perform multiple requests to mark false positives if the false positives list exceeds the accepted limit of the SecHub server
- Enrich email body when mail address of user gets changed
- Provide a subframework to encrypt data at rest
- SecHub gh-action: Integration tests with client 1.5.0
- Improve remote Data validator
- sechub-api.sh: no authentication on anonymous api calls
- Remote Data Section - Documentation
- Issue in github action documentation
- Implement first version of a spring application that helps to categorize and verify secretscan results
- Reduce visibility of deployment variables inside PDS caller scripts
- Ignore whitespaces when parsing github action scan types
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from sechub.