How does it work?

Users with Infrastructure licenses

As the name suggests, the license primarily works on the infrastructure level and checks for a wide variety of vulnerabilities. For example, if you've accidentally exposed your application's database to the internet; forgotten to apply security patches to your web server; or uploaded your code repository to your website root directory – the scanner should catch it.

Users with Authentication licenses

The scanning engine associated with authenticated scanning works slightly differently. It handles SPAs by fetching the application and running it within a headless browser; it then manipulates the Document Object Model (DOM) and attempts to follow any links it finds – recording a list of paths and parameters for further analysis.
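An added example, not the scanner's own code, of the recording step described above: given anchors found in a rendered SPA's DOM, it normalises each into a path plus parameter names and de-duplicates them into a crawl list. It goes slightly beyond the paragraph by handling hash-based routes (`#/users/42?tab=profile`), which a classic crawler would discard as in-page fragments; the origin and the hrefs are constructed sample data.

```javascript
// Constructed origin for the sample (hypothetical, not a real deployment).
const BASE = "https://app.example.test";

// Turn one href into a { path, params } record, or null if out of scope.
function normalizeRoute(href, base = BASE) {
  const url = new URL(href, base);
  // Third-party origins and "javascript:" hrefs (origin "null") are skipped;
  // the latter can only be followed by clicking in the headless browser.
  if (url.origin !== new URL(base).origin) return null;

  let path = url.pathname;
  let query = url.search;
  // Hash routing: "#/users/42?tab=profile" carries the real route and query.
  if (url.hash.startsWith("#/")) {
    const [hashPath, hashQuery = ""] = url.hash.slice(1).split("?");
    path = hashPath;
    query = hashQuery ? "?" + hashQuery : "";
  }
  // Record parameter names only; values are supplied later by the analysis.
  const params = [...new URLSearchParams(query).keys()].sort();
  return { path, params };
}

// De-duplicate by path + parameter names, preserving first-seen order.
function collectRoutes(hrefs, base = BASE) {
  const seen = new Map();
  for (const href of hrefs) {
    const route = normalizeRoute(href, base);
    if (route === null) continue;
    const key = route.path + "?" + route.params.join("&");
    if (!seen.has(key)) seen.set(key, route);
  }
  return [...seen.values()];
}

// Constructed hrefs, as they might appear after the SPA has rendered.
const SAMPLE_HREFS = [
  "/dashboard",
  "#/users/42?tab=profile",          // hash route with a parameter
  "/search?q=test&page=2",
  "/search?page=1&q=other",          // same path and parameter names: dropped
  "#about",                          // plain fragment: stays on "/"
  "https://cdn.example.net/lib.js",  // other origin: out of scope
  "javascript:void(0)",              // handler-driven link: needs a click
];

console.log(collectRoutes(SAMPLE_HREFS));
```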

Are there any limitations when scanning SPAs?

Yes, there are limitations when it comes to scanning SPAs. For example, the more complex and abnormal the SPA (behaviour that goes against standard norms/specs), the less likely it is that the scanner will succeed in interacting with it. As you’d expect, this can have a direct impact on coverage and on what the scanner detects. That is true of most automated scanners on the market today: they find it difficult to navigate SPAs and understand how to operate them.

It's also worth noting that we may not be able to crawl SPAs which use Local Storage to present an authenticated page, as we don't currently (v1.0) support the configuration of Local Storage within our headless browser.

Regardless of whether your web applications are single-page or not – we’d recommend trying out a free trial (if you haven't already) – it may still surprise you to see what we find!
