Beagle Security allows you to test websites behind a login. But there are a few things you should keep in mind before adding login credentials.
Beagle Security will test the application thoroughly by clicking every button and filling every form field with sample data wherever applicable. The sample data can be text, images or any other file types.
Things to avoid
Do not use admin login credentials when scanning a production environment, as Beagle Security will crawl and click on everything it finds along the way.
Do not add admin login credentials for websites built on Content Management Systems (CMS) such as WordPress, Joomla, Drupal, etc.
Don’t add credentials for user types that have permission to alter front-end or customer-facing data when scanning a production environment.
Keep a backup of the website if you wish to test the production environment. You’ll be able to restore the backup if the website data gets altered in any way during the penetration test.
If you wish to test the admin functionality of your website, please isolate the environment from production and proceed in a testing environment.
When testing in a production environment, add the credentials of a least-privilege account (or create a separate least-privilege user account specifically for automated penetration testing on Beagle Security).
Important: This applies to user credentials added via Login Form Authentication and Recorded Login Sequences in Application Settings.