Authenticated Domain Scanning

This guide will walk you through the steps to set up authenticated domain scanning in Aikido, ensuring thorough and secure assessments.

This feature is only available on Pro and Scale Plans.
Option is only available for self-built domains (scans via ZAP)

Use Cases

Ensure comprehensive security assessments for protected areas of your website.
Identify vulnerabilities in authenticated sections of your domain.

Setting up authentication on a domain

Step 1: Go to the Domains Overview and open the action menu for a domain of your choice by clicking the triple dots. Select Authenticate Domain.

Step 2: Fill in the URL and email/password for the domain authentication. Click Test to let Aikido check whether it can access the domain with those credentials.

Step 3. Once the test has been succeeded, you can Confirm Authentication. Aikido will do a thorough scan and all results will appear in Aikido.

Supported Cases

Email or username and password login forms
Multi step login forms with email or username and password (forms where the password field is not visible until an email address is provided)
2FA is currently not supported.

Is your case not supported? Let us know via chat and we will look into it!

Allowing IP addresses for DAST & Surface monitoring

Slack notifications