Login Page Identifier

The Login Page Identifier is a security check that detects all login pages.

Acunetix 360 crawls and attacks your website to discover all vulnerable points. To do that, it tries to find and follow all URLs in your website to populate the Sitemap. Thanks to this procedure, Acunetix 360 is also able to detect all login pages on your website. This feature is particularly useful if you find it difficult to keep track of a large number of websites.

This security check can be configured by increasing or decreasing the weights of variables, such as the password input, and by adding new keywords.

Information

During the scan, Acunetix 360 analyses keywords that are specified in the Scan Policy for each page and calculates the weights that are attributed to different variables. If the total result exceeds the threshold value of 75, Acunetix 360 reports this webpage as a login page.

It is reported both in the Sitemap and Issues panel as an Information Alert.

The Login Page Identifier check is enabled by default.

For further information, see Scan Policy Fields, Security Checks, and Configuring and Verifying Form Authentication in Acunetix 360.

Login Page Identifier Fields

This table describes the fields in the Login Page Identifier panel.

| Field | Description |
| --- | --- |
| Weight of the Login Keyword in Form Element | This is the weight for the expected HTML element. It is added to the total weight if the attributes of the form include any login keyword listed below. The default weight is 30. |
| Weight of the Login Keyword in Window Location | This is the weight for the window location. It is added to the total weight if the location's pathname or fragment part contains a login keyword listed below. The default weight is 25. |
| Login Form Weight Threshold | This is the minimum weight to identify login forms. If the total weight is equal to or greater than the threshold value, Acunetix 360 reports a Login Page Identified issue. The default threshold value is 75. |
| Login Keywords | These are the keywords to search for within forms and window locations. |
| Weight of the Password Input | This is the weight for the password input. It is added to the total weight when a single password input is found. The default weight is 30. |
| Weight of the Remember Me Input | This is the weight for the Remember Me checkbox input. It is added to the total weight when a checkbox is found whose name, className, or id contains the 'remember' keyword. The default weight is 30. |
| Weight of Submit Button | This is the weight for the Submit button. It is added to the total weight when Acunetix 360 finds a submit button in the form. The default weight is 15. |
| Input Type Names for Username | This is the keyword to use to detect username input. Any input with the given type is considered to be username input. |
| Weight of Username Input | This is the weight for the username input. It is added to the total weight when an input is found that matches the username criteria. The default weight is 15. |
| Username Keywords | This is the keyword to be searched for in the username input. |

Information

A weight of 0 means that the element will be skipped during analysis.
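
The weighted scoring described above can be sketched as follows. This is an added example, not Acunetix 360's own code: the keyword lists, the username input types, the rule that a username input must match both a type and a keyword, and treating the whole page as one form are assumptions.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Default weights and threshold from the table above.
WEIGHTS = {"form_keyword": 30, "location_keyword": 25, "password": 30,
           "remember_me": 30, "submit": 15, "username": 15}
THRESHOLD = 75
# Assumed keyword lists: the page does not give the product's defaults.
LOGIN_KEYWORDS = ("login", "signin", "logon")
USERNAME_KEYWORDS, USERNAME_INPUT_TYPES = ("user", "email"), ("text", "email")
# Constructed sample pages, not taken from a real site.
LOGIN_HTML = ('<form id="login-form"><input type="text" name="username"><input type="password" name="pw">'
              '<input type="checkbox" id="remember_me"><input type="submit"></form>')
SIGNUP_HTML = ('<form id="signup"><input type="email" name="email"><input type="password" name="pw">'
               '<input type="password" name="pw2"><button type="submit">Create</button></form>')

class FormFeatures(HTMLParser):
    """Collects the variables from the table; the page is treated as one form."""
    def __init__(self):
        super().__init__()
        self.found, self.password_inputs = set(), 0

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "").lower() for k, v in attrs}
        ident = " ".join(a.get(k, "") for k in ("name", "class", "id"))
        kind = a.get("type", "submit" if tag == "button" else "text")
        if tag == "form" and any(k in v for v in a.values() for k in LOGIN_KEYWORDS):
            self.found.add("form_keyword")
        if tag not in ("input", "button"):
            return
        if kind == "password":
            self.password_inputs += 1
        elif kind == "checkbox" and "remember" in ident:
            self.found.add("remember_me")
        elif kind == "submit":
            self.found.add("submit")
        elif kind in USERNAME_INPUT_TYPES and any(k in ident for k in USERNAME_KEYWORDS):
            self.found.add("username")

def score_page(url, html, weights=WEIGHTS, threshold=THRESHOLD):
    """Return (total weight, whether the page would be reported as a login page)."""
    parser = FormFeatures()
    parser.feed(html)
    if parser.password_inputs == 1:  # "a single password", read as exactly one
        parser.found.add("password")
    loc = urlsplit(url.lower())
    if any(k in loc.path or k in loc.fragment for k in LOGIN_KEYWORDS):
        parser.found.add("location_keyword")
    total = sum(weights[name] for name in parser.found)  # a weight of 0 adds nothing
    return total, total >= threshold
```

Under these assumptions, a form with only username, password and submit inputs scores 60 and is not reported, while the same form served from a /login path scores 85 and is.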

How to Configure the Login Page Identifier Security Check in Acunetix 360
  1. Log in to Acunetix 360.
  2. From the main menu, click Policies, then New Scan Policy. The New Scan Policy window is displayed.
  3. Click the Security Checks tab.
  4. Select the Login Page Identifier checkbox.
  5. If required, configure the settings as outlined in the table.
  6. Click Save.

 
