The method for configuring the authentication of the test site can differ from test tool to test tool. Some test tools allow you to set up a profile on the tool itself that handles authentication. For example, some tools allow you to log into the tool, record a 'macro' that lets the tool log into the site, and then replay that macro during automated testing by specifying the recorded profile. Other tools will ask for more details, such as the login page and test usernames and passwords, and allow you to set default headers, etc.
At the very least, the Uleska Platform will request you complete the 'Version Name' and 'Url' configurations for dynamic testing.
It should be noted that the security tool industry does not have a common way to feed URL, authentication, and other important information into security tools. There are efforts underway in the industry to fix this, but until such a standard comes about and is adopted by all dynamic tools, wrapping dynamic testing into automation will always require a bit of setup and trial and error.
If you wish to create a version (testing stage) that is to run DAST (Dynamic Application Security Testing) tools, then you can configure this in the Uleska Platform.
The Uleska Platform then allows you to configure a number of authentication modes and technical details to facilitate security tools conducting authenticated security scans of your sites.
Three authentication modes are currently supported in the Uleska Platform. As mentioned, other tools may also facilitate authentication through their profiles and recorded macros.
Basic (or Form Based) Authentication
To configure your security scanning stage for Form-Based Authentication:
Alternatively, you can use Google Toolkit authentication if that is what the target site uses.
If the target site is using Keycloak for authentication then:
If your authentication mode requires login usernames and passwords to be passed, these can be set under the 'Roles and Users' tab. In this tab you can set credentials for multiple roles, which lets the Uleska Platform call dynamic tools multiple times (once per role).
The reason for doing this is that your dynamic site may have varying pages or functionality available to different roles. Think of a system that has standard user roles and an admin role. Typically the admin role would see very different pages and functionality from the standard roles. Testing with one role would not provide coverage of all the endpoints of the site and may leave vulnerabilities undiscovered.