We used a trial for Rapid7 DAST InsightAppSec to test and buy the tool if it works with us. We configured our scan for the web app with the site automated authentication type and verified the login, and it was successful. However, when we start the scan, the authentication logs in and out many times, as shown in this figure. We downloaded the logs for more investigation but no luck. Any advice?
We are experiencing the same issue, while using Automated Login.
It appears the auth credentials we are using are encrypted by InsightAppSec, which is causing the login to fail.
We verified this by testing the login with the Verify Credentials plugin, which entered the encrypted credentials on the login form and failed.
The question to support is how do we leave the credentials as plaintext, or bypass this issue.
Hi there - it is quite likely that you would need to configure your AuthConfig.SessionLossRegex or AuthConfig.SessionLossHeaderRegex to better suit your site and be more indicative of logout.
I would suspect that there may be something on your sites that is triggering one of those regexes to match, indicating to the IAS scan engine that the session is lost, which would result in automated login issues.
If you cannot remediate this issue via the above information, please open a support case with logs, as this would provide our team with additional information to provide a more targeted solution. Thanks!
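
An added example (not part of the reply above and not Rapid7 code): one way to sanity-check a candidate pattern before putting it into AuthConfig.SessionLossRegex or AuthConfig.SessionLossHeaderRegex is to run it over saved responses from a logged-in and a logged-out session. The sample responses and all four patterns are constructed, and the sketch assumes the body pattern is applied to the response body, the header pattern to the raw headers, and that Python's `re` behaves like the scan engine's regex flavor for simple patterns.

```python
import re

# Constructed sample responses (not taken from any real scan log).
AUTHENTICATED = [
    {"headers": {"Content-Type": "text/html"},
     "body": "<nav><a href='/account'>My account</a> <a href='/logout'>Sign out</a></nav>"},
    {"headers": {"Content-Type": "text/html"},
     "body": "<p>Tip: please login again if your session expires.</p>"
             "<a href='/logout'>Sign out</a>"},
]
LOGGED_OUT = [
    {"headers": {"Location": "/login?returnUrl=%2Faccount"}, "body": ""},
    {"headers": {"Content-Type": "text/html"},
     "body": "<form id='login-form' action='/login' method='post'>...</form>"},
]

# Hypothetical candidate patterns: a broad one and a tighter one.
BROAD_BODY = r"login|sign in"
TIGHT_BODY = r"<form[^>]+id=['\"]login-form['\"]"
HEADER_RE = r"Location:\s*\S*/login"


def header_blob(resp):
    """Flatten headers into 'Name: value' lines for header-pattern matching."""
    return "\r\n".join(f"{k}: {v}" for k, v in resp["headers"].items())


def session_lost(resp, body_re, header_re):
    """True if either pattern would flag this response as a lost session."""
    return bool(re.search(body_re, resp["body"], re.I)
                or re.search(header_re, header_blob(resp), re.I))


def evaluate(body_re, header_re):
    """Return (false positives on logged-in pages, misses on logged-out pages)."""
    false_pos = [i for i, r in enumerate(AUTHENTICATED)
                 if session_lost(r, body_re, header_re)]
    missed = [i for i, r in enumerate(LOGGED_OUT)
              if not session_lost(r, body_re, header_re)]
    return false_pos, missed


if __name__ == "__main__":
    print("broad:", evaluate(BROAD_BODY, HEADER_RE))
    print("tight:", evaluate(TIGHT_BODY, HEADER_RE))
```

Any index in the first list is a logged-in page the pattern would treat as a logout, which is the condition that makes the scanner re-authenticate repeatedly.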