
Support for Single-Page Applications

Nuno Loureiro

October 30, 2017 · 2 min read

A single-page application (SPA) is a web application that mimics the behavior of a desktop application: instead of loading a new page every time the user interacts with it, it retrieves all necessary code (HTML, JS, CSS) with a single page load and dynamically rewrites the current page using JavaScript and AJAX requests (to an API) as the user interacts with it.

A web scanner can only scan pages that it knows about. The first important job of a scanner is therefore to crawl the web application to find all of its pages and sections. The crawler feeds the scanner with pages to be scanned.

SPAs present a challenge to scanners, mainly because traditional crawlers don’t deal well with JavaScript-rich applications. To crawl a SPA, the crawler needs to interpret and render JavaScript code, much like a modern browser.

We are happy to announce that today we added support for SPAs that call APIs on domains different from the target’s.

Adding the API endpoint to our target

To scan a SPA, all you have to do is add the domains of the API in the target’s settings. It’s that simple! If you need a specific header or cookie on all requests to the API, you can add it under the Custom Cookies or Custom Headers section, on the same page.
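To illustrate why the API domains have to be listed, here is an added sketch (not Probely's code) of a scope filter applied to the requests a rendering crawler records for a SPA. The function names, hostnames, the sample request list and the choice to attach custom headers only to the listed API hosts are assumptions made for this example.

```python
from urllib.parse import urlsplit

def host_of(url):
    """Lower-cased hostname for http(s) URLs, None for anything else."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https") or not parts.hostname:
        return None
    return parts.hostname.lower().rstrip(".")

def plan_scan(observed, target_url, api_domains=(), api_headers=None):
    """Split requests seen while rendering the SPA into scan jobs and skips.

    Hosts are compared exactly, so a lookalike host that merely starts or
    ends with an allowed name stays out of scope and never receives
    api_headers (which may carry credentials).
    """
    target_host = host_of(target_url)
    api_hosts = {d.lower().rstrip(".") for d in api_domains}
    jobs, skipped = [], []
    for method, url in observed:
        host = host_of(url)
        if host is None:
            skipped.append(url)
        elif host == target_host:
            jobs.append({"method": method, "url": url, "headers": {}})
        elif host in api_hosts:
            jobs.append({"method": method, "url": url,
                         "headers": dict(api_headers or {})})
        else:
            skipped.append(url)
    return jobs, skipped

# Constructed sample: requests a rendering crawler might record for a SPA.
OBSERVED = [
    ("GET", "https://app.example.test/"),
    ("GET", "https://app.example.test/static/main.js"),
    ("GET", "https://api.example.test/v1/users/me"),
    ("POST", "https://api.example.test/v1/orders"),
    ("GET", "https://api.example.test.other.example/v1/users/me"),
    ("GET", "https://analytics.example.net/collect"),
]

if __name__ == "__main__":
    hdrs = {"Authorization": "Bearer PLACEHOLDER"}  # placeholder value
    for domains in ([], ["api.example.test"]):
        jobs, skipped = plan_scan(OBSERVED, "https://app.example.test/",
                                  domains, hdrs)
        print(f"api_domains={domains}: {len(jobs)} in scope, {len(skipped)} skipped")
```

With no API domain configured, only the SPA shell and its script are in scope and every API call is skipped; adding the API host brings those calls in while third-party and lookalike hosts stay out.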

If you don’t have an account with Probely yet, click here to start your free trial.
