In addition to support for form authentication, which Acunetix supports via the Login Sequence Recorder, you can also scan areas of a website or web application which are restricted through the means of HTTP Authentication.

HTTP Authentication, sometimes referred to as Basic Authentication, is a type of authentication that is formally defined in the HTTP standard (RFC 1954), and involves an end-user’s web browser sending the user’s credentials inside of the Authorization: Basic HTTP header to the server.

When HTTP Authentication is required, the user’s browser will prompt the user to enter a correct set of credentials before allowing access to the restricted area. This type of authentication is typically controlled by the server and differs from Form Authentication, which, in Acunetix, is handled by the Login Sequence Recorder.

In order to scan scan a website that makes use of HTTP Authentication, navigate to the Target you would like to enable HTTP Authentication on and navigate to the HTTP tab.

HTTP Authentication

From there you can enable HTTP Authentication and specify a username and password to use when Acunetix encounters an HTTP Authentication request by the web-server.

Ian Muscat

Ian Muscat used to be a technical resource and speaker for Acunetix. More recently, his work centers around cloud security and phishing simulation.