This is an archive post from the Netsparker (now Invicti) blog. Please note that the content may not reflect current product names and features in the Invicti offering.
The Netsparker Standard edition supports several authentication mechanisms: Form; Basic, NTLM/Kerberos; Header; Client Certificate, Smart Card; OAuth2; and Manual.
In the Netsparker Standard 5.5 November 2019 Update, we introduced support for form authentication using an OTP. This new feature enables authenticated pages on target website applications to be included in scans.
Two types of one-time password (OTP) are supported: TOTP (time-based) and HOTP (HMAC-based). OTPs are generated from a Secret Key provided by the website.
Support for Form Authentication Using an OTP from a QR Code
In addition, we added support for configuring an OTP for form authentication from a QR Code. In cases where you don't have access to the information you need to complete the fields in the OTP Settings dialog shown above, you can generate them from a QR Code. Netsparker will then populate the fields in the OTP Settings dialog, retain this information and attempt to log in automatically.
For further information, see Configuring Form Authentication Using an OTP. For further information on other types of authentication supported in Netsparker Standard, see Overview of Authentication. For further information on other features in this release, see Netsparker Standard 5.5 – November 2019 Update.