Login Page Identifier
The Login Page Identifier is a security check that detects all login pages.
Acunetix 360 crawls and attacks your website to discover all vulnerable points. To do that, it tries to find and follow all URLs in your website to populate the Sitemap. Thanks to this procedure, Acunetix 360 is also able to detect all login pages on your website. This feature is particularly useful if you find it difficult to keep track of a large number of websites.
This security check can be configured, by increasing or decreasing the weight of variables, such as password input and adding new keywords.
Information | |
During the scan, Acunetix 360 analyses keywords that are specified in the Scan Policy for each page and calculates the weights that are attributed to different variables. If the total result exceeds the threshold value of 75, Acunetix 360 reports this webpage as a login page. |
It is reported both in the Sitemap and Issues panel as an Information Alert.
The Login Page Identifier check is enabled by default.
For further information, see Scan Policy Fields, Security Checks, and Configuring and Verifying Form Authentication in Acunetix 360.
Login Page Identifier Fields
This table describes the fields in the Login Page Identifier panel.
Field | Description |
Weight of the Login Keyword in Form Element | This is the weight for the expected HTML element. This weight is added to the total weight if attributes of the form include any login keyword listed below. The default weight is 30. |
Weight of the Login Keyword in Window Location | This is the weight for the window location. This weight is added to the total weight, if the location's pathname or fragment part contains a login keyword listed below. The default weight is 25. |
Login Form Weight Threshold | This is the minimum weight to identify login forms. If the total weight is equal to or greater than the threshold value, Acunetix 360 reports a Login Page Identified issue. The default threshold value is 75. |
Login Keywords | These are keywords to search for within forms and window locations. |
Weight of the Password Input | This is the weight for the password input. This weight is added to total weight when a single password is found. The default weight is 30. |
Weight of the Remember Me Input | This is the weight for the Remember Me checkbox input. This weight is added to total weight when a checkbox whose name, className, or id contains the ‘remember’ keyword. The default weight is 30. |
Weight of Submit Button | This is the weight for the Submit button. This weight is added to total weight when Acunetix 360 finds a submit button in the form. The default weight is 15. |
Input Type Names for Username | This is the keyword to use to detect username input. Any input with the given type is considered to be username input. |
Weight of Username Input | This is the weight for the username input. This weight is added to the total weight when input is found matching the username criteria. The default weight is 15. |
Username Keywords | This is the keyword to be searched for in the username input. |
Information | |
A weight of 0 means that the element will be skipped during analysis. |
How to Configure the Login Page Identifier Security Check in Acunetix 360
- Log in to Acunetix 360.
- From the main menu, click Policies, then New Scan Policy. The New Scan Policy window is displayed.
- Click the Security Checks tab.
- Select the Login Page Identifier checkbox.
- If required, configure the settings as outlined in the table.
- Click Save.