Support
Scans

Scanning Single Page Applications

This document is for:
Invicti Standard, Invicti Enterprise On-Premises, Invicti Enterprise On-Demand

Invicti’s DOM parser provides superior coverage when scanning single page applications (SPA) and modern web applications that depend heavily on multiple level JavaScript interactions.

The basic point is that unless a parameter is crawled, it won't be scanned.

For example, when the DOM parser simulates a mouse click or a mouseover, it detects all the new changes in the web application. It's the same when you use Gmail. When you click Compose, a new section of the web application opens, with new input parameters. Invicti also handles the automatic submission of forms in web applications, using the details specified in the Form Values section of the Scan Policy.

It populates and submits forms according to specified rules, even when analyzing client-side scripts. This means that it can bypass client-side checks, facilitating more thorough web security scans.

For further information on the settings available, see JavaScript.

Configuring the Invicti JavaScript Analyzer

While an out-of-the-box installation of Invicti can scan SPA applications, you can configure some additional settings.

How to Configure the JavaScript Analyzer in Invicti Enterprise

  1. Log in to Invicti Enterprise.
  2. From the main menu, select Policies, then New Scan Policy. The New Scan Policy window is displayed.

  1. Select the JavaScript tab. The Javascript window is displayed.
  2. Enable the Analyze JavaScript/AJAX checkbox. The JavaScript fields are enabled.

  1. Complete the remaining fields as required.
  2. Click Save.

How to Configure the JavaScript Analyzer in Invicti Standard

  1. Open Invicti Standard.
  2. From the Home tab, click Scan Policy Editor. The Scan Policy Editor dialog is displayed.
  3. Select the JavaScript tab.

  1. Click New. The Analyze JavaScript/AJAX box is checked and the JavaScript fields are enabled.

  1. Complete the remaining fields as required.
  2. Click OK.

Invicti Help Center

Our Support team is ready to provide you with technical help.

Go to Help Center This will redirect you to the ticketing system.