Ondrej Svejdar

Reputation: 22054

Can ZAP be used for a SPA application?

I have a SPA application (AngularJS front end/RESTful WebAPI back end). The SPA is by design using client routing - i.e. a typical "page" looks like

http://contosco.com#/page1

http://contosco.com#/page2

... etc.

I know that ZAP has an "ajax spidering" mode in which it can get URLs "from javascript". However, the active scan is just making HTTP requests - so I doubt that ZAP can be used in this scenario - or am I wrong?

Upvotes: 6

Views: 5461

Answers (1)

Simon Bennetts

Reputation: 6186

What sort of vulnerabilities are you looking for?

Your application will still have to make HTTP requests, so ZAP will still be able to test those.

We also have a DOM XSS scanner https://www.zaproxy.org/docs/desktop/addons/dom-xss-active-scan-rule/ which you can download from the ZAP Marketplace. This will launch a browser to detect DOM XSS vulnerabilities.

Also very happy to write more client-side rules, just tell us what you are looking for...

Upvotes: 2
