About
The Weak Authentication scan checks your authorization method against a number of standard rules for authorization security.
If the scan does not reveal any information about possible vulnerabilities, it passes successfully.
If the scan fails, that may indicate that your service uses inefficient authorization schemes and is vulnerable to impersonation and other authentication-based security breaches.
Requirements
- This scan is applicable to all types of test steps or requests.
- To use this scan, you need a ReadyAPI Test license. If you do not have it, request it on our web site or start a trial.
How it works
The Weak Authentication scan uses assertions to validate requests and responses and check whether they include any information about potential vulnerabilities.
If all assertions pass successfully, PASS will be logged for that response. If any assertion fails, FAIL will be logged.
If you have not applied any assertions to the scan, Unknown will be logged for the response.
Assertions
Default Assertions
- Weak Password detection – Checks whether the password follows a defined set of rules.
- Basic Authorization Detection – Checks whether the request uses basic authorization.
Recommended Assertion
- Response SLA – Verifies that your service responds within the expected time even after receiving unexpected input.
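To make the two default assertions concrete, the following added example (not ReadyAPI's own implementation) re-creates their logic over a request's headers: it flags any request that carries HTTP Basic credentials and, when it finds some, checks the decoded password against a small password policy. The policy thresholds and the common-password list are assumptions chosen for illustration; ReadyAPI's actual rule set is configured in the Weak Password assertion.

```python
import base64
import re

# Constructed password policy (assumption for this example; ReadyAPI's own
# rules are set in the Weak Password assertion and are not reproduced here).
MIN_LENGTH = 8
COMMON_PASSWORDS = {"password", "123456", "admin", "qwerty", "letmein"}

def parse_basic_auth(headers):
    """Return (user, password) if the request carries HTTP Basic credentials, else None."""
    value = headers.get("Authorization") or headers.get("authorization")
    if not value:
        return None
    scheme, _, token = value.strip().partition(" ")
    if scheme.lower() != "basic" or not token:
        return None
    try:
        decoded = base64.b64decode(token.strip(), validate=True).decode("utf-8")
    except (ValueError, UnicodeDecodeError):
        return None          # malformed token: not a usable Basic credential
    user, sep, password = decoded.partition(":")
    if not sep:
        return None          # RFC 7617 requires the user:password form
    return user, password

def weak_password_findings(password):
    """Apply the constructed policy; an empty list means every rule passed."""
    findings = []
    if len(password) < MIN_LENGTH:
        findings.append(f"shorter than {MIN_LENGTH} characters")
    if password.lower() in COMMON_PASSWORDS:
        findings.append("appears in common-password list")
    classes = [r"[a-z]", r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9]"]
    if sum(bool(re.search(c, password)) for c in classes) < 3:
        findings.append("uses fewer than three character classes")
    return findings

def scan_request(headers):
    """Mimic the two default assertions: return ('PASS' | 'FAIL', reasons)."""
    reasons = []
    creds = parse_basic_auth(headers)
    if creds is not None:
        reasons.append("Basic Authorization Detection: request uses HTTP Basic auth")
        reasons += [f"Weak Password detection: {f}" for f in weak_password_findings(creds[1])]
    return ("FAIL" if reasons else "PASS", reasons)

# Constructed sample requests: one with weak Basic credentials, one with a bearer token.
WEAK = {"Authorization": "Basic " + base64.b64encode(b"admin:admin").decode()}
BEARER = {"Authorization": "Bearer constructed-opaque-token"}
```

Running `scan_request(WEAK)` yields FAIL with four reasons, while `scan_request(BEARER)` yields PASS because no Basic credentials are present.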
Parameters
Use the following options to configure the scan Strategy:
Option | Description |
---|---|
Apply to Failed Test Steps | Select to run the scan even if the target test step fails. |
Run only once | Select to run the scan only once for each test step, even if ReadyAPI runs that step several times for a test case. |
Related materials
See Also
- Weak Password Assertion
- Response SLA Assertion
- Security Scans Types