"Classic" authentication methods don't use JavaScript. All the elements are present in the page source upon visiting it and none of the elements are loaded after the document loading.
Form-based JSON-based Form-based w/ Secret Header-based Form w/ MFA Form w/ MFA (Split)This is for testing going into specific sections of the application that are only accessible in one direction and have no persistent (cookie/local storage) information to define it.
The organization is reset when the home page is visited.
Enter OrganizationModern applications tend to use JavaScript and AJAX requests to make outbound requests to trigger actions on the pages. The contents of the page may not necessarily exist initially on the page source.
These appear after a second through JavaScript
For checking CxOne DAST reports
Go to CxOne DAST auth report parser