Identify apps with login page #1691
Labels
Investigation
Something to Investigate
Type: Discussion
Some ideas need to be planned and discussed to come to a strategy.
Type: Enhancement
Most issues will probably ask for additions or changes.
Can you implement one more flag which checks whether a given application is dynamic or static? Out of the many different factors for calling something dynamic, one of them is a login interface. If any of the criteria below matches, then it's a login interface.
Check for URL Patterns
Some webpages might redirect users to standard login URLs or include specific paths in their URLs (like /login, /signin, /auth, etc.). Examining the links or form action URLs for such patterns can be a clue.
Look for Text Labels
Beyond input field names and IDs, check the labels or placeholders associated with input fields. Phrases like "Enter your username", "Sign in to continue", "Access your account", etc., can indicate login fields.
Look for SSL/TLS Indicators
Forms intended for logging in are typically served over HTTPS to ensure security. Checking if the form’s action URL uses HTTPS can be a crucial indicator.
Presence of Social Media Login Options
Detection of elements related to OAuth or social media logins (like buttons for "Log in with Google", "Sign in with Facebook") can also indicate the presence of login mechanisms.
Common Frameworks and Libraries
Some web applications use popular frameworks (like React, Angular, WordPress, Joomla) or libraries for building forms. Identifying specific CSS classes or data attributes associated with these can hint at login forms.
Reset Password or Forgot Password Links
Forms associated with these links are typically part of login or account management interfaces.
By combining these techniques, you can create a more robust system for identifying login interfaces, making your detection logic more comprehensive and less prone to missing potential login forms on a website.
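One way to combine the URL, text-label, HTTPS, social-login and password-reset criteria from this issue when inventorying exposed login surfaces, as an added example (not the project's code). The signal names, the `login_signals` and `is_login_page` helpers and the regular expressions are assumptions made for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse
# Paths and phrases are the ones quoted in the issue text; the regexes are illustrative.
LOGIN_PATH = re.compile(r"/(login|signin|auth)\b", re.I)
TEXT_RULES = {
    "text_label": re.compile(r"enter your username|sign in to continue|access your account", re.I),
    "social_login": re.compile(r"(log|sign) in with (google|facebook)", re.I),
    "password_reset": re.compile(r"(reset|forgot)( your)? password", re.I),
}

class LoginSignals(HTMLParser):
    def __init__(self, base_url):
        super().__init__()
        self.base_url, self.signals = base_url, set()

    def _check_url(self, value):
        url = urlparse(urljoin(self.base_url, value))  # resolve relative links
        if LOGIN_PATH.search(url.path):
            self.signals.add("url_pattern")
        return url

    def _check_text(self, text):
        for name, rx in TEXT_RULES.items():
            if rx.search(text):
                self.signals.add(name)

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "form" and attrs.get("action"):
            if self._check_url(attrs["action"]).scheme == "https":
                self.signals.add("https_action")
        elif tag == "a" and attrs.get("href"):
            self._check_url(attrs["href"])
        for key in ("placeholder", "aria-label", "value"):
            self._check_text(attrs.get(key) or "")  # valueless attributes are None

    def handle_data(self, data):
        self._check_text(data)

def login_signals(html, base_url):
    parser = LoginSignals(base_url)
    parser.feed(html)
    parser.close()
    return parser.signals

def is_login_page(html, base_url):
    # Assumption: an HTTPS form action only supports other signals, never decides alone.
    return bool(login_signals(html, base_url) - {"https_action"})
```

Returning the set of matched signals rather than a bare boolean lets a caller see which criterion fired and tune out noisy ones. Text split across nested tags (for example a provider name inside its own `<span>`) is checked piece by piece and can be missed.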