WhiteHat Security’s new feature for dynamic single-page application scanning in the WhiteHat Sentinel Dynamic product is designed to automate the scanning for, discovery and updating of webpages, links and architecture, seamlessly and without impact on the customer experience.
A single-page application (SPA) is a site that interacts with the user by dynamically rewriting the current page rather than loading entire new pages from a server. This approach avoids interruption between successive pages, making the application behave more like a desktop app than a traditional website.
Two of the most common uses are email clients and shopping cart calls, which allow the user to move between common mailboxes without changing the URL, or to add items into a shopping bag without taking the user away from their current item description page. SPA sites are great for the user experience, but they can be challenging for dynamic web scanners to investigate.
“Most other vendors simply provide a browser plugin, but that requires a customer to navigate their SPA site and send back scripts for coverage,” said Shivajee Samdarshi, senior vice president of Engineering at WhiteHat Security.
“We give our customers back valuable time to spend on growing their businesses. Instead of elaborate tutorials to teach set-up, configuration and scanning, we offer the confidence and convenience of a fully-automated coverage scan for most SPA sites.”
A variety of tools can perform the full domain crawl or page discovery of all the links, API operations, and libraries, but using them requires manual effort in set up, domain discovery, form training and other scanning technician details.
Instead, WhiteHat Sentinel Dynamic now performs all these discoveries automatically, with 75-90 percent more coverage of the single-page application architecture than other non-SPA specific scanning technologies, and without the time, effort and skill of a dedicated application security engineer or tester.
The benefits of using WhiteHat Sentinel Dynamic for SPA scanning include:
- No extensive setup, so that SPAs can be scanned like most other websites without heavy user interaction,
- No impact to scan schedule because WhiteHat Sentinel Dynamic scans are ongoing and continuous, to crawl the full SPA site.
Support for automated dynamic application security testing of single-page applications is a new feature that will be free of charge to all customers of the existing Sentinel Dynamic Standard and Premium Edition licenses.