Skip to main content
All CollectionsWeb-application scanningFAQs
⚠️ Adding admin credentials
⚠️ Adding admin credentials

Things to be aware of when adding admin credentials

Naomi Purvis avatar
Written by Naomi Purvis
Updated over a week ago

When you start a scan against targets which have authentications Intruder's scanner will attempt to login using your authentications and will begin scanning your applications. This will involve:

  • Our scanner crawling all pages within your application

  • Identifying different points where data can be sent to your application

  • Sending data (and crafted requests) to the application

  • Checking responses to see if there has been any successful exploitation or any vulnerabilities exist

Therefore, if you add an authentication which has administrator permissions on your application, our scanner will find all functionality that your admin user has access to. If this includes destructive functionality then you should consider NOT adding that user to your authentications as it is likely our scanner will find that functionality and activate during its standard scanning process. Destructive functionality can include things like:

  • Deleting users

  • Deleting accounts

  • Suspending the account

  • Locking out user

  • Deleting pages/data

  • etc.

Carefully consider the potential impact to your application if our scanner finds ALL functionality that your admin user has access to.

Did this answer your question?