Other Scanners Lag Behind Modern Web Applications Development Technologies
Through the integration of DeepScan Technology in Acunetix Web Vulnerability Scanner V9, our security researchers have developed a unique way for the scanner to crawl through the plenitude of new tags, attributes and events possible within modern dynamic websites.
Acunetix DeepScan also supports scanning of Single Page Applications (SPAs). An SPA is a web application or website that fits on a single web page, with the goal of providing a more fluid user experience akin to a desktop application. In an SPA, the appropriate resources are dynamically loaded and added to the page as necessary, usually in response to user actions.
How Does Acunetix DeepScan Perform When Put to the Test?
Our security researchers have created a vulnerable web application as a test case for Acunetix WVS V9. This web application was built as a Single Page Application (SPA) using modern web technologies such as AngularJS, Bootstrap, CouchDB, Flask and Nginx. It can be found at http://testhtml5.vulnweb.com.
When this test website is crawled using a traditional scanner, or with DeepScan disabled, the results are very limited.
With DeepScan enabled, the final results after the crawl completes look completely different. The tested application has made various AJAX requests to the web server, requesting JSON data, HTML templates and so on. None of these were visible in the initial crawl without Acunetix DeepScan Technology.
In addition, Acunetix DeepScan Technology drastically improves the detection of DOM-based XSS vulnerabilities.