
Astra Login Recorder – A Better Way to Secure Websites

Updated on: November 26, 2021


Gone are the days when organizations ran and scaled their offline businesses at a three-toed sloth’s speed. The Internet has become a pervasive and groundbreaking force in our lives, with millions of websites serving billions of web pages to people every day. Through various advancements, web and SaaS applications have become intelligent, dynamic and asynchronous. The Web’s pervasiveness and our dependence on it have made it essential to ensure the quality and security of these applications. To that end, testing has become a widely used strategy for validating web and SaaS applications. It is a long-standing, dynamic and diverse technique.

Today’s websites and web applications are categorized as static, dynamic, animated, single-page or multi-page applications. These applications require a comprehensive set of test cases that should ensure all the quality and security checks are met and the web application is completely secured against any kind of hacking attempt or vulnerability exploit. This is where Astra Pentest comes in.

Today, we are celebrating the launch of the Astra Login Recorder extension. This is the latest feature added to our Astra Pentest solution (as a part of our automated vulnerability scanner) and is now available to our users.


In order to scan a website thoroughly for security weaknesses, our vulnerability scanner needs the authentication privileges (entered by a user) that let it perform security checks behind the login pages as well. Previously, our users had to enter the login details into Astra’s Pentest dashboard manually, which was becoming quite a time-consuming task. To solve this problem and make the process more hassle-free, we listened to our users and decided to introduce Astra Login Recorder into our Pentest solution.

Astra Login Recorder is available as a Google Chrome extension which allows you to instruct Astra’s vulnerability scanner on how to automatically authenticate into your website by recording your login sequence.

To set up Astra Login Recorder, follow these steps:

Step 1: Log in to your Project in Astra Pentest

Step 2: Go to the “Start an Audit” section by clicking on the “Start an Audit” button in the main dashboard.


Then click on the Edit button to set up and configure the Scan Behind Login feature.

Step 3: Enter Test Credentials for User Roles (Eg. Admin, Customer, Super Admin etc)


Click on the “Save & Next” button.

Step 4: Follow the steps mentioned in the Login Recording (Step 2 in dashboard) to download and configure the extension.


To download and install the login recording extension from the Chrome web store, click on the Astra Login Recorder hyperlinked text. Clicking the text will redirect you to the Astra Login Recorder page of Google’s Chrome web store.


When you Add to Chrome, the extension will be installed on your browser. Once it is installed, you’ll be able to see the Astra Security icon in your browser.


You can now click on the extension and it will open the Login Recorder window where you can enter the login URL of your site. (For example: If your site is running on WordPress, your login URL might look like this: www.yourwebsite.com/login/)

  • Now, click on the “Start Recording” button after entering your login URL.
  • After clicking the Start Recording button, your Astra Pentest dashboard will be launched.
  • After successful login, simply click on the “Stop Recording” button.
  • Now, you’ll be asked to verify the recording. You can verify it by clicking the “Verify Recording” button.
  • After verifying the recording, a .json file gets created. Download this file by simply clicking on the “Download” button.

Step 5: Upload your downloaded .json file into your Astra Pentest dashboard.

  • Click on the “Upload Recorded File” button to upload your .json file.
  • Then click on “Save and Next” to save your Login Recording configuration, which now includes the login sequence file.
  • Your configuration for Login Recording is successfully finished. You can now start an audit for your project.

This new Login Recording feature authenticates to your website and provides the login sequence to the vulnerability scanner so that it can scan the website thoroughly for any security weaknesses and exploitable vulnerabilities. Astra Login Recorder complements Astra’s Vulnerability Scanner so that it can work effectively with any kind of authentication implementation within a website or web application.

As a next step, you will need to provide a bit of information to create logged-in identifiers so that the scanner knows whether it is logged in or not.

Here is a short video guide to help you understand this step.
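To show what a logged-in identifier has to distinguish, here is an added Python example (not Astra's code or configuration format) that classifies responses and finds the point where a session was lost. The `LoginIdentifiers` fields, the patterns, the `/login/` path and the sample responses are all assumptions constructed for illustration.

```python
import re
from dataclasses import dataclass, field

@dataclass
class Response:
    """Minimal stand-in for an HTTP response (constructed for this example)."""
    status: int
    body: str = ""
    headers: dict = field(default_factory=dict)

@dataclass
class LoginIdentifiers:
    """Hypothetical identifier set; not Astra's actual configuration format."""
    logged_in: re.Pattern   # markup only an authenticated user receives
    logged_out: re.Pattern  # markup only the login form contains
    login_path: str         # where the application redirects once the session is gone

def session_state(resp, ids):
    """Classify one response as 'logged_in', 'logged_out' or 'unknown'."""
    redirected = resp.status in (301, 302, 303, 307, 308)
    if redirected and ids.login_path in resp.headers.get("Location", ""):
        return "logged_out"
    if ids.logged_out.search(resp.body):
        return "logged_out"
    if ids.logged_in.search(resp.body):
        return "logged_in"
    return "unknown"  # e.g. a JSON endpoint: no evidence either way

def first_session_loss(responses, ids):
    """Index of the first response showing the session ended, else None."""
    for index, resp in enumerate(responses):
        if session_state(resp, ids) == "logged_out":
            return index
    return None

IDS = LoginIdentifiers(
    logged_in=re.compile(r'href="/logout"'),
    logged_out=re.compile(r'<input[^>]+name="password"', re.I),
    login_path="/login/",
)
# Constructed responses, in the order a scanner might receive them.
DASHBOARD = Response(200, '<nav><a href="/logout">Log out</a></nav><h1>Orders</h1>')
API_JSON = Response(200, '{"items": []}')
REDIRECT = Response(302, headers={"Location": "https://www.yourwebsite.com/login/"})
LOGIN_PAGE = Response(200, '<form action="/login/"><input type="password" name="password"></form>')
SAMPLE = [DASHBOARD, API_JSON, REDIRECT, LOGIN_PAGE]

if __name__ == "__main__":
    for r in SAMPLE:
        print(r.status, session_state(r, IDS))
    print("session lost at index", first_session_loss(SAMPLE, IDS))
```

The login page in the sample returns status 200, which is why an identifier based on page content is more reliable than one based on the status code alone.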

Have any questions? Want to praise our amazing development team for developing this feature? Feel free to comment below. 

Try Astra Login Recorder today! Thank you 🙂 


Kanishk Tagade

Kanishk Tagade is a Marketing Manager at Astra Security. Having a hawk-eyed view on the cybersecurity threat landscape, market-shifts, and hacktivism activities, Kanishk is a community member of the Nasscom and corporate contributor at many technology magazines and security awareness platforms. Editor-in-Chief at "QuickCyber.news", his work is published in more than 50+ news platforms. He is also a social micro-influencer for the latest cybersecurity defense mechanisms, Digital Transformation, Machine Learning, AI and IoT products.