Gone are the days when organizations ran and scaled their offline businesses at a three-toed sloth’s speed. The Internet has become a pervasive and groundbreaking force in our lives, with millions of websites serving billions of web pages to people on a daily basis. Through various advancements, web and SaaS applications have become intelligent, dynamic and asynchronous. The Web’s pervasiveness and our dependence on it have made it essential to guarantee the quality and security of these applications. To ensure this, testing of web and SaaS applications has become a widely used validation strategy. It is a long-standing, dynamic and diverse technique.
Today’s websites and web applications are categorized as static, dynamic, animated, single-page or multi-page applications. These applications require a comprehensive set of test cases that should ensure all the quality and security checks are met and the web application is completely secured against any kind of hacking attempt or vulnerability exploit. This is where Astra Pentest comes in.
Today, we are celebrating the launch of the Astra Login Recorder extension. This is the latest feature added to our Astra Pentest solution (as a part of our automated vulnerability scanner) and is now available to our users.
In order to scan a website thoroughly for security weaknesses, our vulnerability scanner needs the desired authentication privilege (entered by a user) so that it can also perform the security checks behind the login pages. Previously, our users needed to enter the login details into Astra’s Pentest dashboard manually, and it was becoming quite a time-consuming task. To solve this problem and make the process more hassle-free, we listened to our users and decided to introduce Astra Login Recorder into our Pentest solution.
Astra Login Recorder is available as a Google Chrome extension that lets you instruct Astra’s vulnerability scanner on how to automatically authenticate to your website by recording your login sequence.
To set up Astra Login Recorder, follow these steps:
Step 1: Log in to your Project in Astra Pentest
Step 2: Go to the “Start an Audit” section by clicking on the “Start an Audit” button in the main dashboard.
Then click on the Edit button to set up and configure the Scan Behind Login feature.
Step 3: Enter Test Credentials for User Roles (e.g. Admin, Customer, Super Admin, etc.)
Click on the “Save & Next” button.
Step 4: Follow the steps mentioned in the Login Recording section (Step 2 in the dashboard) to download and configure the extension.
To download and install the login recording extension from the Chrome Web Store, click on the Astra Login Recorder hyperlinked text. Clicking the text will redirect you to the Astra Login Recorder page of Google’s Chrome Web Store.
When you click “Add to Chrome”, the extension will be installed in your browser. Once it is installed, you’ll be able to see the Astra Security icon in your browser.
You can now click on the extension and it will open the Login Recorder window where you can enter the login URL of your site. (For example: If your site is running on WordPress, your login URL might look like this: www.yourwebsite.com/login/)
- Now, click on the “Start Recording” button after entering your login URL.
- After clicking the “Start Recording” button, your Astra Pentest dashboard will be launched.
- After a successful login, simply click on the “Stop Recording” button.
- Now, you’ll be asked to verify the recording. You can verify it by clicking the “Verify Recording” button.
- After the recording is verified, a .json file is created. Download this file by clicking on the “Download” button.
Step 5: Upload your downloaded .json file into your Astra Pentest dashboard.
- Click on the “Upload Recorded File” button to upload your .json file.
- Then click on “Save and Next” to save your Login Recording configuration, which now includes the login sequence file.
- Your configuration for Login Recording is successfully finished. You can now start an audit for your project.
This new Login Recording feature authenticates to your website and provides the login sequence to the vulnerability scanner so that it can scan the website thoroughly for any security weaknesses and exploitable vulnerabilities. Astra Login Recorder complements Astra’s Vulnerability Scanner so that it can work effectively with any kind of authentication implementation within a website or web application.
As a following step, you will need to provide a bit of information to create logged-in identifiers so that the scanner knows whether it’s logged in or not.
Here is a short video guide to help you understand this step.
Have any questions? Want to praise our amazing development team for developing this feature? Feel free to comment below.
Try Astra Login Recorder today! Thank you 🙂