Skip to content

Credential Scanning

David edited this page May 4, 2013 · 8 revisions

Credential scanning

Vega supports a few different ways to scan with credentials. The two we recommend are:

Use the proxy scanner for semi-automated scanning

When the proxy scanner is enabled, Vega scans target paths with any cookies used by the client, preserving authenticated sessions during scanning. To do this, just log into your application through the proxy, ensure that scope includes the target, and browse with proxy scanning enabled.

Automated scanning with Identities

Vega supports a mechanism - 'Identities' - for supplying credentials to an application prior to an automated scan. This includes HTTP Basic/Digest, NTLM, and form based authentication (implemented with macros in Vega).

Clone this wiki locally