How do you scan behind a login?

The Tinfoil Security scanner has the ability to scan your website after logging into it. Many websites hide a lot of functionality behind authentication (Facebook is a good example of this, or any banking website). Given valid credentials (i.e. a valid username and password, as well as a login URL), the Tinfoil scanner is able to login automatically prior to each scan and crawl and audit pages behind authentication as well as while logged out.

The current types of authentication we support are Form-based, HTTP Basic Authentication, and SAML. If your site have a custom login procedure that does not conform to any of these methods, let us know.

Form-based Login

For Form-based Login, you can simply give us a login URL and example username and password. You can do this during the setup of your site right from your dashboard.

HTTP Basic Authentication

For HTTP Basic Authentication, you can simply fill out your username and password on the dashboard, and the scanner will take care of constructing the url of the form "" and use it to log in to your site.

SAML Single Sign-On

A third type of authentication we support is SAML (Security Assertion Markup Language). This authentication method is commonly used in websites that use a central identity provider to provide single-sign on functionality. Currently, we have tested and support OneLogin and Okta as identity providers.

To enable the Tinfoil Security scanner to log in to your site using SAML SSO, we need four pieces of information: the login URL to your identity provider portal (e.g. or, the username and password needed to log in to your identity provider portal, and lastly the Application's SSO URL, which is the URL to your site that is linked from your identity provider Portal (e.g. or You can obtain your Application SSO URL by logging in to your identity provider portal, finding the desired application in the listing, right-clicking on it, and copying the link. 

As always, if you have any questions or issues at all, please feel free to contact us in our Support Chat or via any of the methods listed on our Contact Page and we'll be more than happy to assist.

Still need help? Contact Us Contact Us