Sign In with your
Trend Micro Account
Need Help?
Need More Help?

Create a technical support case if you need further support.

Adding login credentials to authenticated scan in Deep Security for Web Apps

    • Updated:
    • 29 Jan 2014
    • Product/Version:
    • Deep Security for Web Apps 2.0
    • Platform:
    • N/A N/A
Summary
This article discuses how to submit your login credentials from within your Deep Security for Web Apps account in order for Trend Micro to perform an authenticated scan.
Details
Public
To update your web app request with your login credentials:
  1. Go to the Deep Security for Web Apps console.
  2. Click the Administration tab. On left column, click Web Applications.
  3. On the Web Applications page, click the URL of the web application that you want to edit.
    If your users must sign in to access parts of your web application, use the Authenticated Scanning section to specify the login credentials that Deep Security for Web Apps can use when performing scans.
  4. To specify new authentication information, click Enable. In the window that appears, select the Authentication Type used by your web application, either Form-based Authentication or Basic Authentication and then click Continue. The window that appears next will vary depending on the type of authentication that you selected: 
    • If you selected Form-based Authentication, enter the following information and then click Finish:
      • Login URL: The URL of the authentication form.
      • Logout URL: (Optional) If your web application has logout URL, provide it here. This will prevent Deep Security for Web Apps from accidentally logging out during a scan.
      • Form Fields: (Optional) Click Fetch. Deep Security for Web Apps parses the HTML of your login page and gets a list of the input fields that it contains. To remove a field from the list, click the Xbutton next to it. To add a field that was not fetched automatically, click the plus (+) button. In the Field Value column, enter values that Deep Security for Web Apps can use to log in to the web application. If you do not want to display a value in plain text in the Deep Security for Web Apps console (for example, for a password field), select Hide.
      • Submit Type: (Optional) Specifies how the form is submitted. In the first drop-down list, select Button, Image, Link, or JavaScript. If you selected Button, Image, or Link, choose ID, Name, or Class from the second drop-down list and in the third box, enter its value. If you selected JavaScript, enter the JavaScript-related code (including the tags) for the submit action in the box that appears.
    • If you selected Basic Authentication, enter this information and then click Finish:
      • Login URL: The URL of the authentication page.
      • Logout URL: (Optional) If your web application has logout URL, provide it here. This will prevent Deep Security for Web Apps from accidentally logging out during a scan.
      • User Name: User name that Trend Micro can use to log in and perform scanning.
      • Password: Password that Trend Micro can use to log in and perform scanning.
To update the authentication information for authenticated scanning:
If you previously entered authentication information, it appears in the Authenticated Scanning section. To update the information, click Edit, make the changes and then click Finish. To disable authentication, click Disable and then click Yes in the confirmation box that appears.
You also need to whitelist the Trend Micro IP addresses so they are not blocked by an IPS or firewall.
  • Automated scanning are from the following IPs: 150.70.188.20 to 150.70.188.3.
  • Expert manual testing are from the following IPs: 111.93.93.210 to 111.93.93.214
Premium
Internal
Rating:
Category:
Configure; Troubleshoot; Deploy; Register
Solution Id:
1102053
Feedback
Did this article help you?

Thank you for your feedback!

To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.

If you need additional help, you may try to contact the support team. Contact Support


To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.


Need More Help?

Create a technical support case if you need further support.