OTP MFA support implementation plan

Problem to solve

Customers have enabled MFA on their applications. Because DAST does not support MFA, customers must disable MFA on their test applications. Many customers do not want to do this because they want their test application to be an apples-to-apples comparison with their production application. Additionally, security teams do not like telling their developers to remove a security control in order to test for security flaws.

Proposal

  • Scope the amount of work (and implementation plan) that would be required in order for DAST to support one-time-password MFA authentication.
Edited by Sara Meadzinger