Support for Single-Page Applications
A web scanner can only scan pages that it knows about, therefore, the first important job of a scanner is to crawl the web application in order to find all pages or all sections of the web application. The crawler feeds the scanner with pages to be scanned.
Probely is able to scan SPAs from day 0, but there was a problem: when you add a target (domain) to Probely, it only scans pages within that target (domain). For those SPAs that call an API on another domain, Probely would leave those API calls out from the scanning phase.
We are happy to announce that today we added support for SPAs that call APIs on domains different from the target’s.
If you want to scan a SPA, all you have to do is, on the target’s settings, add the domains of the API. It’s that simple! If you need a specific header or cookie on all requests to the API, you can add it under the Custom Cookies or Custom Headers section, on the same page.