Most Targets that you will be scanning using Acunetix will have a restricted area which requires authentication. When configuring the Target, you can configure form-based authentication from the Target’s settings > Site Login. Here you need to choose between auto-login and pre-recorded login sequence.
You should initially configure Acunetix to “Try and auto-login into the site”. This should work for most web applications that use a simple login / logout mechanism. Acunetix will try to automatically detect the login screen, the logout link (which will be restricted) and a pattern which is used to identify that the session is still valid.

If the auto-login fails, or your web application requires multiple steps to authenticate or log out, you will need to configure the login sequence manually. This can easily be done using the Acunetix Login Sequence Recorder.

Nicholas Sciberras
Chief Technical Officer
As the CTO at Acunetix, Nicholas is passionate about IT security and technology at large. Prior to joining Acunetix in 2012, Nicholas spent 12 years at GFI Software, where he managed the email security and anti-spam product lines, led multiple customer service teams and provided technical training.