Testing Login Macros
- When an auto-generated macro, newly-recorded macro, or pre-existing macro is tested during scan configuration
- At the start of the scan with any login macro if Enable macro validation is selected in Scan Settings: Authentication
Validation Tests Performed
The following table describes the tests that Fortify WebInspect performs.
| Test | Result of Failure |
|---|---|
| Determine if the validation step is missing. | The scan continues, but a warning is written to the scan log. |
| Monitor the behavior when incorrect credentials are used. | The scan continues, but a warning is written to the scan log. |
| Determine whether the landing page is accessible with a login state. | The scan continues, but a warning is written to the scan log. |
| Determine whether the landing page is accessible without a login state. | The scan continues, but a warning is written to the scan log. |
| Determine if the site can handle multiple logins concurrently. The default number of concurrent logins tested is 5. | The scan continues, but a warning is written to the scan log. |
| Verify that the auto-generated macro logs into the application. | The scan stops and an error is written to the scan log. |
| Verify that the replay of the macro logs into the application. | The scan stops and an error is written to the scan log. |
If a scan stops after failing a test, it may be possible to examine the specific error message in the scan log to determine and resolve the issue. Use the error message and the troubleshooting tips in this topic to help resolve the issue.
Troubleshooting Tips
In all cases of macro failure, it is possible that an invalid macro was recorded. However, a previously good macro that fails is almost always due to site changes or credentials.
The following table provides possible causes and solutions for each error message.
Note: This table does not include all possible causes and solutions for each error message. Additional troubleshooting may be necessary.
| Error Message | Possible Cause | Possible Solution |
|---|---|---|
| Automatic login generation failed | The login macro could not be created because the user credentials provided are not valid. | Try the Auto-gen Login Macro option again using credentials that are known to be valid. |
| Execution Failed | An HTML element, such as a verification element, username, or password, was not located. | Record a new macro in the Web Macro Recorder to identify the login input elements. |
| Execution Failed | The username has been deactivated (removed from the database) and/or the password has changed. | Record a new macro in the Web Macro Recorder using credentials that are known to be valid. |
| Logged in verification step not found | The login macro does not contain a verification step. | Edit the macro in the Web Macro Recorder to add a verification step to indicate a successful login. |
| Verification step did not fail after invalid login | The verification step succeeded after an invalid login attempt. A valid verification step should only succeed upon successful login. This indicates that an incorrect login verification object was selected. | Edit the macro in the Web Macro Recorder to select another object for the verification step. |
For specific information about using the Web Macro Recorder, see the Web Macro Recorder help.
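
A verification object that also appears after a failed login produces the "Verification step did not fail after invalid login" error described above. The following Python sketch is an added example, not Fortify WebInspect code; its function names and the two sample pages are constructed for illustration. It compares the page returned after a valid login with the page returned after an invalid login and reports which visible text is safe to use as a verification object.

```python
# Added illustration, not WebInspect code. Names and sample pages are constructed.
from html.parser import HTMLParser


class _TextCollector(HTMLParser):
    """Collect whitespace-normalized visible text fragments from a page."""

    def __init__(self):
        super().__init__()
        self.fragments = []

    def handle_data(self, data):
        text = " ".join(data.split())
        if text:
            self.fragments.append(text)


def visible_text(html):
    """Return the set of text fragments found in the HTML."""
    parser = _TextCollector()
    parser.feed(html)
    return set(parser.fragments)


def classify_marker(marker, valid_page, invalid_page):
    """Describe how a candidate verification marker behaves in both login states."""
    in_valid = marker in visible_text(valid_page)
    in_invalid = marker in visible_text(invalid_page)
    if in_valid and not in_invalid:
        return "usable"
    if in_valid and in_invalid:
        # Mirrors the error message in the troubleshooting table.
        return "Verification step did not fail after invalid login"
    return "not found after valid login"


def usable_markers(valid_page, invalid_page):
    """Text that appears only after a successful login."""
    return sorted(visible_text(valid_page) - visible_text(invalid_page))


# Constructed sample responses for a hypothetical site.
VALID_PAGE = ("<html><body><h1>Example Bank</h1><a href='/logout'>Log out</a>"
              "<p>Account summary</p></body></html>")
INVALID_PAGE = ("<html><body><h1>Example Bank</h1><p>Invalid username or password</p>"
                "<a href='/login'>Log in</a></body></html>")

if __name__ == "__main__":
    for candidate in ("Example Bank", "Log out", "Dashboard"):
        print(candidate, "->", classify_marker(candidate, VALID_PAGE, INVALID_PAGE))
    print("Usable:", usable_markers(VALID_PAGE, INVALID_PAGE))
```
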