Single-Page Application

Overview

Single-Page Application (SPA) architecture uses various JavaScript libraries and tools like Jquery and Angular to create web applications which don’t need constant server calls or page reloads. The experience consists of a single HTML page broken up into sections with JavaScript code running in the web browser to make various API calls to a back-end server which returns data. The libraries take the data from these operations and update the HTML on the web page according to the presentation logic. In essence, single-page applications remove the presentation layer from the server side and put it in the browser for the user to speed loading.

Two of the most common uses are email clients and shopping cart calls, which allow the user to move between common mailboxes without changing the URL, or to add items into a shopping bag without taking the user away from their current item description page.

The more interactivity that happens on the client-side (creating a shopping cart, updating mail pages, downloading new mail,) the more JavaScript code and API calls are needed to make those interactive pieces function well. And the more code is written, the more important it is to have a clean and well-architected codebase. There are many JavaScript frameworks to help build SPAs, such as AngularReact, Ember, AureliaVue.js, Cycle.js, and Backbone.

Challenge

While SPA sites are great for the user experience, they have been challenging for dynamic web scanners to fully investigate. While various tools can perform the full domain crawl or page discovery of all the links, API operations, and libraries, to do so can require a great deal of manual effort in set up, domain discovery, form training, and other scanning technician details.

Solution

WhiteHat Dynamic performs all of these discoveries automatically, with 75-90% more coverage of the Single-Page Application architecture than other non-SPA specific scanning technologies, and without the time, effort, and skill of a dedicated AppSec engineer or tester.

Benefits

  • Comprehensive coverage – Single-Page Application coverage depths reveal more findings and crawl more pages through the deepest JavaScript framework stack in the business
  • No extensive setup – As with all WhiteHat scanning, single page applications can be set up and scanned like most other websites without heavy user interaction
  • No impact to scan schedule – Because WhiteHat Dynamic scans are ongoing and continuous, there is no impact for the time taken to crawl the full SPA site
  • Full SPA Coverage is available for both Standard and Premium Editions