AeyeScan Enhances TOTP Authentication Support, Simplifying In-house Vulnerability Scanning

AI Security Lab has upgraded its 'AeyeScan' cloud-based vulnerability scanning tool to support TOTP-authenticated websites. Scanning now only requires registering a secret key, removing the need for complex authentication bypass setups.
New Product | NQ 91/100 | Source: PR Times

Published: May 25, 2026 at 17:00

On May 23, 2026, AI Security Lab announced an update to 'AeyeScan,' its AI-driven cloud-based web application vulnerability scanning tool, enhancing support for websites utilizing TOTP (Time-based One-Time Password) multi-factor authentication (MFA).

This update enables scanning of TOTP-authenticated sites—previously requiring high-level expertise and complex configuration—simply by registering a secret key. This allows for continuous scanning even of high-security sites, including those in production environments.

### Background: The Challenge of Scanning MFA Websites
In recent years, the adoption of MFA, including TOTP, has become common for websites handling sensitive information. However, these authentication methods have posed a significant barrier to bringing vulnerability scanning in-house.

Traditionally, scanning MFA sites required temporarily disabling authentication or registering post-authentication cookies as custom headers, demanding specialized knowledge and significant man-hours. This limited the number of staff who could perform scans and often led to certain sites being excluded from diagnostic scope.

Furthermore, authentication types such as SSO or SAML that automatic crawlers cannot handle, as well as complex screen transitions, often required specialized knowledge of JavaScript, Selenium, and proxy settings, leading to siloed operations and increased learning costs.

### About the Update: Intuitive Scanning for TOTP Sites
AeyeScan has previously supported authentication environments difficult for automatic crawlers, such as SSO or SAML, through intuitive manual crawling using remote browsers. However, TOTP sites still required temporary authentication bypasses.

With this update, TOTP sites can be included in manual crawling simply by registering a secret key. Users can perform scans within production environments with MFA active, without needing complex pre-configurations or authentication bypasses, enabling broader vulnerability diagnostics including high-security domains.

AeyeScan's key feature is the ability to operate these advanced authentication settings with zero learning cost. Because TOTP input is completed as an extension of the intuitive remote browser operation, diagnostic operations no longer depend on individual staff skills.

### Expected Benefits: High-Frequency Diagnostics Without Man-Hour Burdens
This feature significantly reduces the man-hours required for scanning MFA-enabled sites in production. Organizations can easily perform pre-release scans or re-scans after repairs as needed, integrating continuous vulnerability countermeasures into an 'in-house cycle.'

Additionally, it helps establish a diagnostic system not dependent on a few experts, contributing to resolving siloed security operations and standardizing diagnostic quality across the organization.

### Future Outlook: Strengthening the Uniqueness of 'No-Expert-Knowledge-Required' Scanning
AeyeScan has supported companies in internalizing vulnerability scanning through high-precision automatic crawling powered by AI+RPA and reporting features compliant with various guidelines. By resolving 'difficult authentication configuration,' the biggest barrier to internalization, with this TOTP support, AeyeScan further strengthens its uniqueness as an in-house tool that allows anyone to continuously scan any website without special knowledge. The company aims to continue supporting the systematization of vulnerability scanning that can be easily operated on-site, ensuring security measures are not just for experts.

FAQ

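What does the AeyeScan update make possible?

For vulnerability scanning of websites that use TOTP (time-based one-time password) authentication, scanning is now possible simply by registering a secret key.

What were the challenges in scanning multi-factor authentication sites until now?

It was necessary to temporarily disable authentication or manually register cookies, which required advanced expertise and many man-hours.

What are the advantages of AeyeScan's TOTP authentication scanning support?

Because scanning can be performed in the production environment as-is, without complex pre-configuration or disabling authentication, efficient in-house scanning that does not depend on the skills of the person performing the scan becomes possible.

What kind of tool is AeyeScan?

It is a cloud-based web application vulnerability scanning tool that uses generative AI to automate manual effort.

What is AI Security Lab's corporate philosophy?

Its stated philosophy is "to resolve the shortage of cybersecurity personnel through technological capability."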