Scanning Single Page Applications

Acunetix 360’s DOM parser provides superior coverage when scanning single page applications (SPA) and modern web applications that depend heavily on multiple level JavaScript interactions.

The basic point is that unless a parameter is crawled, it won't be scanned.

For example, when the DOM parser simulates a mouse click or a mouseover, it detects all the new changes in the web application. It's the same when you use Gmail. When you click Compose, a new section of the web application opens, with new input parameters. Acunetix 360 also handles the automatic submission of forms in web applications, using the details specified in the Form Values section of the Scan Policy.

It populates and submits forms according to specified rules, even when analyzing client-side scripts. This means that it can bypass client-side checks, facilitating more thorough web security scans.

Configuring the Acunetix 360 JavaScript Analyzer

While an out-of-the-box installation of Acunetix 360 can scan SPA applications, you can configure some additional settings.

For further information on the settings available, see JavaScript.

How to Configure the JavaScript Analyzer in Acunetix 360
  1. Log in to Acunetix 360.
  2. From the main menu, select Policies, then New Scan Policy. The New Scan Policy window is displayed.

  1. Select the JavaScript tab. The Javascript window is displayed.
  1. Enable the Analyze JavaScript/AJAX checkbox. The JavaScript fields are enabled.

  1. Complete the remaining fields as required.
  2. Click Save.

 

« Back to the Acunetix Support Page