What are the important things to keep in mind before starting an authenticated test?

By Rejah Rehim
March 21, 2021

Beagle Security allows you to test websites behind a login. But there are a few things you should keep in mind before adding login credentials.

Beagle Security will test the application thoroughly by clicking every button and filling every form field with sample data wherever applicable. The sample data can be text, images or any other file types.

Things to avoid

  • Do not use admin login credentials when scanning a production environment, as Beagle Security will crawl and click on everything it finds along the way

  • Do not add admin login credentials for websites built on Content Management Systems (CMS) like WordPress, Joomla, Drupal etc.

  • Do not add credentials for user types that have permission to alter front-end or customer-facing data when scanning a production environment

Best practices

  • Keep a backup of the website if you wish to test the production environment. You’ll be able to restore the backup if the website data gets altered in any way during the penetration test

  • If you wish to test the admin functionalities of your website, please isolate the environment from production and proceed in a testing environment

  • Add user credentials of a least-privilege account (or create a separate least-privilege user account specifically for automated penetration testing on Beagle Security) when testing in a production environment

Important: This applies to user credentials added via Login Form Authentication and Recorded Login Sequences in Application Settings.

