What does IBM's AppScan Source scan for in JavaScript projects. What is AppScan able to find in JavaScript? Can it handle projects with Angular, Jquery, and other 3rd party libraries? Are there any that it can't handle?

javascriptsecuritybluemix-app-scan

whatsTheDiff

Reputation: 745

What all does AppScan scan with JavaScript?

What does IBM's AppScan Source scan for in JavaScript projects.

What is AppScan able to find in JavaScript?
Can it handle projects with Angular, Jquery, and other 3rd party libraries? Are there any that it can't handle?

Upvotes: -1

Answers (2)

S.Wang

Reputation: 9

Some information about improvements of AppScan Source's Javascript features can be found from AppScan Source's new version release notes, for example

AppScan Source 9.0:

Performance is now improved when scanning JavaScript.

http://www-01.ibm.com/support/docview.wss?uid=swg24037073

Appscan Source 9.0.1:

Enhanced accuracy for JavaScript analysis: Pattern-based static analysis results for JavaScript are now included. Preliminary support for Backbone.js and Require.js (currently disabled). Various bug fixes.

http://www-01.ibm.com/support/docview.wss?uid=swg24038332

The vulnerabilities it look for include common web security vulnerabilities for example Cross-Site Scripting, DataLeakage, URL redirect, OS injection, SQL injection etc.

It currently supports normal client side javascript apis, MobileFirst apis, and a part of jQuery, Cordova, html5, and Backbone apis.

Upvotes: 0

Bingzhou

Reputation: 21

The Javascript scanner in AppScan Source supports normal client side javascript apis, MobileFirst apis, and a part of jQuery, Cordova, html5, and Backbone apis. Unfortunately no AngularJS yet

Upvotes: 2

What all does AppScan scan with JavaScript?

Answers (2)

Related Questions