A single-page application (SPA) is a website that interacts with a user by dynamically rewriting the current page, rather than loading entire new pages directly from a server. This SPA approach avoids interruption between successive pages, which makes the application behave more like a desktop app than a traditional website.
Two of the most common uses of SPA sites are email clients and shopping cart calls. They allow the user to do things like move between common mailboxes without changing the URL, or add items into a shopping cart without taking the user away from the current item description page. SPA sites are great for the user experience, but they can be challenging for dynamic web scanners to fully investigate for security vulnerabilities.
To help our customers address these security challenges, we introduced a new SPA feature for the WhiteHat Sentinel Dynamic product that is designed to automate the scanning, discovery and updating of webpages, links and architecture seamlessly, and without impact on the customer experience.
By providing critical automation to this task, customers are free to use their valuable time to focus on activities that help grow the business. Instead of using elaborate tutorials to learn and set up configurations and scanning, we are delivering the confidence and convenience of a fully automated coverage scan for most SPA sites.
This is important too, because most other vendors simply provide a browser plugin to accomplish the same function, but that requires a customer to navigate their SPA site and send back scripts for coverage. In fact, a variety of tools can perform the full domain crawl or page discovery of all the links, API operations, and libraries, but using them requires significant manual effort in setup, domain discovery, form training, and other scanning technician details.
Instead, WhiteHat Sentinel Dynamic can now perform all these discoveries automatically, with 75-90 percent more coverage of the single-page application architecture than other non-SPA specific scanning technologies, and without the time, effort, and skill of a dedicated AppSec engineer or tester.
The benefits of using WhiteHat Sentinel Dynamic for SPA scanning include:
- No extensive setup, so that SPAs can be scanned like most other websites without heavy user interaction
- No impact to scan schedule because WhiteHat Sentinel Dynamic scans are ongoing and continuous, to crawl the full SPA site
Support for automated dynamic application security testing of single-page applications is a new feature that will be free of charge to all customers of the existing Sentinel Dynamic Premium (PE) and Standard (SE) edition license models.
For more information, visit https://www.whitehatsec.com/products/dynamic-application-security-testing/.