Intruder

- We'd advise against adding admin credentials, as explained in <a href="https://help.intruder.io/en/articles/6051004-should-i-add-an-admin-user-when-adding-authentications-to-my-targets" rel="nofollow noopener noreferrer" target="_blank">this article</a>. 

- Whilst the scanner <i>can</i> run safely on many production websites, it's usually best to stick to staging to reduce the chance of damage. 

⚠️ Authentication licenses are per Fully Qualified Domain Name (FQDN) or IP Address, and you can add as many authentications to one target as you wish.

___________________________________________________________

How to add apps using advanced authentication methods

If your app uses single-sign-on, multi-factor authentication, or has complex authentication flows, take a look at our article below:

 How to configure advanced authentication methods

By default, our scanners will attempt to find all scannable pages on your app. If you wish to set up the authentication of your scan to modify the scope, then take a look at our article here:

How to configure authenticated scan scope

Understand what you can, can't, should and shouldn't do with authenticated web-app scanning

Capabilities and constraints of the authenticated web-app scanner

Pricing

Find answers and get help from Intercom Support and Community Experts

Empty Help Center

Uh oh. That page doesn’t exist.

Disappointed

Neutral

Smiley

Title

Track the progress of all tickets related to your company

Tickets portal

{assigneeName} needs more information from you

Minimising risk

How to add apps using advanced authentication methods

How to customize the scope of the scan