Tuesday, August 11, 2015

Netsparker scanning of a secured ASP.NET Web site

I was recently trying to use Netsparker to perform a vulnerability scan of my secured ASP.NET Website (using Forms Authentication), when I discovered that Netsparker could not properly authenticate against my website with the credentials I provided!

Well, Netsparker support provided me with a workaround for using Custom Cookies to authenticate against my website:

https://netsparker.zendesk.com/entries/351822-Custom-Cookies

https://netsparker.zendesk.com/entries/260427-how-can-i-set-custom-cookies-for-a-website

To view the custom cookies your website requires, use a tool such as the Mozilla Firefox, Google Chrome or IE Developer Tools, or Telerik Fiddler, to copy the cookie information from an authenticated session, then paste it into Netsparker so that its requests carry the necessary authentication credentials.
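A quick check of the copied header before pasting it into the scanner, as an added example that is not part of the original post or of Netsparker. It assumes the ASP.NET default cookie names (`.ASPXAUTH` for the Forms Authentication ticket, `ASP.NET_SessionId` for session state); a site can rename the former in web.config, so pass your own name if it differs.

```python
# Added example: inspect a Cookie request header copied from browser dev tools
# before handing it to a scanner. The cookie names are ASP.NET defaults and an
# assumption about the target site; the sample values are constructed.
FORMS_AUTH_DEFAULT = ".ASPXAUTH"        # default <forms name="..."> value
SESSION_DEFAULT = "ASP.NET_SessionId"   # default session-state cookie


def parse_cookie_header(raw):
    """Split a raw Cookie header into an ordered list of (name, value)."""
    raw = raw.strip()
    if raw.lower().startswith("cookie:"):
        raw = raw[len("cookie:"):]
    pairs = []
    for part in raw.split(";"):
        # Split on the first '=' only: cookie values may themselves contain '='.
        name, sep, value = part.strip().partition("=")
        if sep and name.strip():
            pairs.append((name.strip(), value.strip()))
    return pairs


def check_auth_cookies(raw, forms_name=FORMS_AUTH_DEFAULT):
    """Return (pairs, problems); an empty problems list means the ticket is present."""
    pairs = parse_cookie_header(raw)
    values = dict(pairs)
    problems = []
    if forms_name not in values:
        problems.append("no %s cookie: protected pages will redirect to the login page"
                        % forms_name)
        if SESSION_DEFAULT in values:
            problems.append("only the session cookie was copied; it does not carry "
                            "the Forms Authentication ticket")
    elif not values[forms_name]:
        problems.append("%s is empty (copied after sign-out?)" % forms_name)
    return pairs, problems


# Constructed samples, not real tickets.
GOOD = "Cookie: ASP.NET_SessionId=abc123; pref=lang=en; .ASPXAUTH=0A1B2C3D4E5F"
BAD = "ASP.NET_SessionId=abc123"

if __name__ == "__main__":
    for sample in (GOOD, BAD):
        pairs, problems = check_auth_cookies(sample)
        for name, value in pairs:
            print("%-20s %s" % (name, value))
        print("->", "; ".join(problems) or "ok", "\n")
```

Copy the header from a request made after signing in, and treat the ticket value as a credential for as long as it is valid.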

