We’re happy to announce enhancements to our existing application authentication protocols with new, extended support available for both Digest and NTLM authentication on the AppCheck scanner.

Some applications are behind HTTP authentication in addition to or instead of application level authentication. Recently, we have encountered some new authentication types we have needed to support in the DAST scanner.

AppCheck DAST has supported NTLM authentication for some time, but has not supported LMCompatibilityLevel=5, so we are pleased to announce that this authentication method is now supported.

As well as NTLM updates, we have now updated the DAST scanner to support Digest scheme authentication which we have seen an increasing use of in recent months.

The new options can be found in the Authentication Configuration section of web application scans.

Benefits this feature provides:

• Support for scanning applications protected by HTTP Digest authentication.
• Support for scanning applications protected by HTTP NTLM authentication (where Windows Server is configured to use LMCompatibilityLevel=5 and/or IIS service is configured with “Extended protection for authentication=Required”.

Screenshots:

Other recent product updates include:

• User Interface Refresh
• Alerts & Notifications Panel
• Windows Patch Detection Enhancements

Additional Information

As always, if you require any more information on this topic or want to see what unexpected vulnerabilities AppCheck can pick up in your website and applications then please contact us: info@appcheck-ng.com

About AppCheck

AppCheck is a software security vendor based in the UK, offering a leading security scanning platform that automates the discovery of security flaws within organisations websites, applications, network, and cloud infrastructure. AppCheck are authorized by the Common Vulnerabilities and Exposures (CVE) Program as a CVE Numbering Authority (CNA).