Product Update: Application Authentication Updates

Our latest product update enhances our authentication on the AppCheck scanner with new extended support being added for Digest and NTLM authentication. As always, if you require any more information on this topic or want to see what unexpected vulnerabilities AppCheck can pick up in your website and applications then please contact us: info@localhost.

We’re happy to announce enhancements to our existing application authentication protocols with new, extended support available for both Digest and NTLM authentication on the AppCheck scanner.

Some applications are behind HTTP authentication in addition to or instead of application level authentication. Recently, we have encountered some new authentication types we have needed to support in the DAST scanner.

AppCheck DAST has supported NTLM authentication for some time, but has not supported LMCompatibilityLevel=5, so we are pleased to announce that this authentication method is now supported.

As well as NTLM updates, we have now updated the DAST scanner to support Digest scheme authentication which we have seen an increasing use of in recent months.

The new options can be found in the Authentication Configuration section of web application scans.

 

Benefits this feature provides:

  • Support for scanning applications protected by HTTP Digest authentication.
  • Support for scanning applications protected by HTTP NTLM authentication (where Windows Server is configured to use LMCompatibilityLevel=5 and/or IIS service is configured with “Extended protection for authentication=Required”.

 

Screenshots:

 

Other recent product updates include:

 

Additional Information

As always, if you require any more information on this topic or want to see what unexpected vulnerabilities AppCheck can pick up in your website and applications then please contact us: info@localhost

 

About AppCheck

AppCheck is a software security vendor based in the UK, offering a leading security scanning platform that automates the discovery of security flaws within organisations websites, applications, network, and cloud infrastructure. AppCheck are authorized by the Common Vulnerabilities and Exposures (CVE) Program as a CVE Numbering Authority (CNA).

Get started with Appcheck

No software to download or install.

Contact us or call us 0113 887 8380

About Appcheck

AppCheck is a software security vendor based in the UK, offering a leading security scanning platform that automates the discovery of security flaws within organisations websites, applications, network and cloud infrastructure. AppCheck are authorized by te Common Vulnerabilities and Exposures (CVE) Program aas a CVE Numbering Authority (CNA)

No software to download or install.
Contact us or call us 0113 887 8380

Start your free trial

Your details
IP Addresses
URLs

Get in touch