Unlocking the Power of Macro Authentication in Application Security: Part Two

This blog post is part two of a three-part series on macro authentication. Be sure to catch up on part one here!


Welcome to part two in our “Unlocking the Power of Macro Authentication” series! When we last left off, we had added a macro file for authentication to our dynamic application security testing (DAST) solutions, InsightAppSec and AppSpider, and the scan failed because of an error. There can be many types of errors, and there may be one or more ways to solve the same problem. Because of this, it is important to know where to look and to understand how macro authentication works.


In this post, we will review how to understand these error messages and what steps to take to get our authentication macro working.


Why did my macro fail?


If this happens, one of the first steps is to review the Event Logs of the scan to find out exactly what in the macro failed. Here are a couple of things to verify before we jump straight to the event logs:


Check that the credentials provided and used when recording a macro for authentication are still valid and working. If the credentials are no longer valid, you can record a macro the same way as described in the section “How do I record a macro?” in part one.
Verify again the perspective of your application and how InsightAppSec or AppSpider will “see” it. If your application is accessible only after allowing ..
