This guide discusses how to enable JavaScript authentication for web scans in beSECURE.


Setting up JavaScript website authentication

  1. Log in to beSECURE.
  2. In the upper-left corner of the Home page, select DevOps.
  3. Select Scans > Web Scans List.
  4. On the Web Scan List page, select the web scan to authenticate.
  5. Under the Settings tab. select the Authentication tab.
  6. In the Web site requires authentication box, select via Javascript.
  7. In the Javascript Automation box, enter the desired JavaScript information (to generate a script, see the Additional information and How to use the Katalon Chrome extension sections below). 
  8. Select Modify to save your changes.
  9. Under Crawler Starting Points, set each site's Crawler Type to DOM, and then select Crawl.


Additional information

JavaScriptcript login supports the following syntax:

command | target | value |

Note: 

  • A space is present after the last "|"
  • The Katalon Recorder Chrome extension can be used to record JavaScript sessions, export them using 'Sample for new formatters' as the output, and then provide it here (see below).

One of the following commands:

  1. 'open'
  2. 'click'
  3. 'type'


open - Access a site
Receives a target name in the form of a URL, i.e. http://.. or https://..

click - Click on an element 

Receives a target name which is one of the following: 

  • value of the 'name' attribute
  • value of the 'id' attribute, link
  • value for a href elements
  • a full xpath
    • For example:
      click | name=username | |
click | id=password | |
click | link=Forgot password | |
click | xpath=xpath=(.//*[normalize-space(text()) and normalize-space(.)=concat('Monitor
your network', "'", 's readiness for attacks')])[1]/following::button[1] | |

type - Fill an input field with data

Receives a target value of the id attribute or target value of the name attribute and populates it with the provided value.

  • For example:
    type | id=username | some_username
  • Complete example:
    open | https://loginSSO.beyondsecurity.com/example |
click | //a/b |
click | link=Login here |
click | //div[@id='root']/div/div/div/div/div/div/div/div[2]/div/div[2]/button/div[2] |
type | id=identifierId | Yourname@example.com
click | //div[@id='identifierNext']/span/span |
type | name=password | ...Enter Password...
click | //div[@id='passwordNext']/span/span |
type | id=idvPin | ...Enter Pin...
click | //div[@id='idvPreregisteredPhoneNext']/span |

How to use the Katalon Chrome extension

To find the information required for the JavaScript Automation, downloand and install the Katalon Chrome extension, then do the following:

  1. Select the Katalon's icon in the top-right corner of the Chrome browser window.
  2. Select Record.
  3. Open a new tab in the Chrome browser window.
  4. Go to the URL of a site with a log in option (for example, https://accounts.google.com/).
  5. Enter the site's required credentials and log in.
  6. Return to the Katalon controls and select Stop.
  7. Select Export.
  8. In the Format box, select Sample for new formatters.
  9. Select Copy to Clipboard to save the script.
  10. In beSECURE, paste the script into the Javascript Automation box.
  11. Select Modify to save your changes.