Scanning Single Page Applications in Invicti Standard

This document is for:
Invicti Standard

The scanning approach for single-page applications leverages a dedicated DOM parser, designed to ensure thorough coverage for modern web apps that rely on complex JavaScript interactions. The DOM parser simulates user actions, such as mouse clicks and hovers, to detect changes within the application. This enables Invicti Enterprise to track modifications triggered by user interactions, like button presses or form submissions, and include them in the scan.

Invicti Standard also handles form submissions automatically, even for those using client-side scripts. By filling out and submitting forms based on pre-configured rules in the Scan Policy settings, it can bypass client-side security measures, enabling a more in-depth security assessment of the application. Unless a parameter is crawled, it will not be scanned.

This document describes how to configure the JavaScript analyzer for single-page applications in Invicti Standard.

How to configure the JavaScript Analyzer

While an out-of-the-box installation of Invicti Standard can scan single-page applications, you can configure some additional settings. Follow the steps below to configure the JavaScript analyzer in Invicti Standard.

  1. Open Invicti Standard.
  2. From the Home tab, click Scan Policy Editor.
  3. Select the JavaScript tab.
  4. Click New in the top left corner. The Analyze JavaScript/AJAX box is checked and the JavaScript fields are enabled.
  5. Complete the remaining fields to ensure all the necessary details are provided. For more information, refer to our Configuring scan policies documentation.
  6. Click Save at the bottom of the page.

Completing the configuration of the JavaScript analyzer for single-page applications means that your scan settings are now optimized to thoroughly analyze modern web apps with complex JavaScript interactions. The analyzer is prepared to handle dynamic content changes and simulate user interactions effectively, ensuring a comprehensive security assessment of your application. You can now use this configured scan policy to perform scans that detect vulnerabilities across your entire single-page application.