Test Authentication

You can test authentication records for web applications you define without having to run a Discovery scan. You can quickly test authentication for a web application and test the scanner's ability to authenticate to a web application.

Test authentication feature is available only if it is enabled for your subscription. If you're interested enabling this feature, please contact Qualys Support or Technical Account Manager.

How do I launch a Test Authentication scan?

Go to Web Applications > Web Applications and select the web application and select Test Authentication from the quick actions menu.

 Scan Name option in Scan details pane when you launch a test authentication scan.

By default, we use the following format for the name of the authentication test.

Authentication test  - <name of the web application> - <date in yyyy-mm-dd format>

What settings do I need to configure?

You can choose the authentication record to be tested in Authentication section and configure other settings similar to scan settings. As this is a quick authentication test, only few and not all scan settings need to be configured. Being a quick scan, we use system generated (non-editable) option profile named as Authentication Test.

Authentication Test named option profile is listed in Option Profile tab.

Similarly, for search list, we use system generated (non-editable) search list named as Authentication Test.

System search lists named Authentication Test is listed in Search Lists tab.

How do I filter Authentication Test scan?

You can use the new filter ‘Authentication Test’ in Type that we added to view only authentication test scans. You could also identify them with the icon associated with the authentication test.

Filter named Authentication Test in left pane to filter authentication test scans.

Tell me about Authentication Test Report

Once the authentication test scan is in Finished state, select View Report from the quick actions menu and view the Authentication Test scan report.

Example of Authentication Test Report under Reports.

Note - Authentication test can be only configured for a single scan. You cannot configure authentication test for a multi-scan or a scheduled scan.