Scanning Single Page Applications
The basic point is that unless a parameter is crawled, it won't be scanned.
For example, when the DOM parser simulates a mouse click or a mouseover, it detects the changes this makes to the web application. It's the same as when you use Gmail: when you click Compose, a new section of the web application opens, with new input parameters. Acunetix 360 also handles the automatic submission of forms in web applications, using the details specified in the Form Values section of the Scan Policy.
It populates and submits forms according to specified rules, even when analyzing client-side scripts. This means that it can bypass client-side checks, facilitating more thorough web security scans.
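The sketch below is an added example, not Acunetix 360's code. It models a page as plain objects (a constructed sample; `buildApp`, `staticCrawl` and `eventCrawl` are hypothetical names) to show why inputs that only appear after a simulated click or mouseover are missed by a crawl of the initial markup, and so would never be scanned.

```javascript
// Added illustration: plain objects stand in for DOM elements (constructed sample).
const el = (tag, props = {}) => ({ tag, children: [], on: {}, ...props });

// Constructed app: "to"/"subject" exist only after Compose is clicked,
// "attachment" only after the attach icon receives a mouseover.
function buildApp() {
  const root = el("body");
  const attach = el("span", {
    on: { mouseover: () => root.children.push(el("input", { name: "attachment" })) },
  });
  const compose = el("button", {
    on: {
      click: () => root.children.push(
        el("input", { name: "to" }), el("input", { name: "subject" }), attach),
    },
  });
  root.children.push(el("input", { name: "search" }), compose);
  return root;
}

function* walk(node) {
  yield node;
  for (const child of node.children) yield* walk(child);
}

const inputNames = (root) =>
  [...walk(root)].filter((n) => n.tag === "input").map((n) => n.name).sort();

// Crawl of the initial markup only: no events are fired.
const staticCrawl = (root) => inputNames(root);

// Fire every handler once, re-walking the tree until no unfired handler remains.
function eventCrawl(root, events = ["click", "mouseover"]) {
  const fired = new Set();
  let progress = true;
  while (progress) {
    progress = false;
    for (const node of [...walk(root)]) { // snapshot: handlers mutate the tree
      for (const ev of events) {
        const handler = node.on[ev];
        if (!handler || fired.has(handler)) continue;
        fired.add(handler);
        handler();
        progress = true;
      }
    }
  }
  return inputNames(root);
}

console.log("static:", staticCrawl(buildApp()));
console.log("events:", eventCrawl(buildApp()));
```

The mouseover target is itself created by the click handler, which is why the crawl repeats until a full pass fires nothing new.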
While an out-of-the-box installation of Acunetix 360 can scan single page applications (SPAs), you can configure some additional settings.
- Log in to Acunetix 360.
- From the main menu, select Policies, then New Scan Policy. The New Scan Policy window is displayed.
- Complete the remaining fields as required.
- Click Save.