DAST

Adding usernames and passwords for a web app

• Last updated: February 23, 2026

• Read time: 2 Minutes

Cloud Self-hosted

If your web app uses a basic username and password-based login system, you can specify login credentials for Burp Scanner to use when scanning the site. Specifying a valid username and password enables Burp Scanner to log in to the web app and audit content that only authenticated users can usually see.

Specifying username and password details when adding a new web app site

To specify username and password login credentials during the process of adding a new web app site:

1. On the top menu, select Sites > Add a new site to display the Create a new site page.
2. In the Scan settings section, select Authentication > Application logins.
3. Make sure that Usernames and passwords is selected, and click Add login credentials.
4. In the dialog box, enter a unique Label to identify this set of login credentials.
5. Enter the Username and Password.
6. Click Save.

Specifying username and password details for an existing web app

To specify username and password login credentials for an existing web app site:

1. On the top menu, select Sites to display the site tree.
2. Select the site you want to set up notifications for.
3. Select the Details tab and click Edit.
4. In the Scan settings section, select Authentication > Application logins.
5. Make sure that Usernames and passwords is selected, and click Add login credentials.
6. In the dialog box, enter a unique Label to identify this set of login credentials.
7. Enter the Username and Password.
8. Click Save to close the dialog box.
9. Click Save.

To specify an additional set of credentials, click the plus button and repeat steps 6 to 9.

To delete a set of credentials, click the trash icon .