Can ZAP be used for SPA application

I have a SPA application (AngularJS front end / RESTful WebAPI back end). The SPA by design uses client routing, i.e. a typical "page" looks like

http://contosco.com#/page1

http://contosco.com#/page2

... etc.

I know that ZAP has an "ajax spidering" mode in which it can get URLs "from JavaScript". However, the active scan is just making HTTP requests, so I doubt ZAP can be used in this scenario - or am I wrong?

Ondrej Svejdar asked Nov 20 '22 21:11


1 Answer

What sort of vulnerabilities are you looking for?

Your application will still have to make HTTP requests, so ZAP will still be able to test those.

We also have a DOM XSS scanner, https://github.com/zaproxy/zap-extensions/wiki/HelpAddonsDomxssDomxss, which you can download from the ZAP Marketplace. This will launch a browser to detect DOM XSS vulnerabilities.

Also very happy to write more client side rules, just tell us what you are looking for...

Simon Bennetts answered Nov 22 '22 10:11
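The answer points to ZAP's DOM XSS scanner, which drives a real browser because the bug it hunts never appears in an HTTP request: the URL fragment (`#/page1`) is never sent to the server. As an added example (not from the question, the answer, or the ZAP project), here is the kind of client-side sink such a scanner looks for in a hash-routed SPA like the one described, beside a hardened version, plus a small probe in the spirit of what the scanner does: put a marker into the fragment and see whether it reaches an HTML sink unencoded. The route handlers, the `FakeElement` stub (so this runs under Node with no browser) and the marker value are all constructed for this illustration.

```javascript
// Minimal HTML escaping for text that will be serialized into markup.
const escapeHtml = (s) =>
  s.replace(/[&<>"']/g, (c) =>
    ({ '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' }[c]));

// Stand-in for a DOM element (constructed for this example). Like a real
// browser, assigning textContent serializes as escaped text in innerHTML.
class FakeElement {
  constructor() { this._html = ''; }
  get innerHTML() { return this._html; }
  set innerHTML(v) { this._html = String(v); }
  set textContent(v) { this._html = escapeHtml(String(v)); }
}

// Strip the "#/" prefix of a client-side route such as "#/page1".
function routeFromHash(hash) {
  return hash.replace(/^#\//, '');
}

// Hypothetical route handler with a DOM XSS sink: the fragment, which only
// the browser ever sees, flows straight into innerHTML. The server never
// receives it, so an HTTP-only active scan has nothing to test here.
function renderRouteVulnerable(hash, el) {
  const route = routeFromHash(hash);
  el.innerHTML = '<h1>' + route + '</h1>';
  return el.innerHTML;
}

// Hardened handler: allow-list the routes the app actually defines and use
// a text sink, so the fragment is never parsed as markup.
function renderRouteHardened(hash, el, knownRoutes) {
  const route = routeFromHash(hash);
  if (!knownRoutes.includes(route)) {
    el.textContent = 'Not found';
    return el.innerHTML;
  }
  el.textContent = route;
  return el.innerHTML;
}

// Detection heuristic in the style of a DOM XSS scanner: load the page with a
// marker in the fragment and report whether the marker survives unencoded in
// an HTML sink. Returns true when the handler is vulnerable.
function fragmentReachesHtmlSink(render) {
  const marker = '<zap-probe-7f3a>'; // constructed marker value
  const el = new FakeElement();
  render('#/' + marker, el);
  return el.innerHTML.includes(marker);
}

const KNOWN_ROUTES = ['page1', 'page2'];
const renderHardenedWithRoutes = (hash, el) => renderRouteHardened(hash, el, KNOWN_ROUTES);

console.log('vulnerable handler reaches HTML sink:', fragmentReachesHtmlSink(renderRouteVulnerable));
console.log('hardened handler reaches HTML sink:  ', fragmentReachesHtmlSink(renderHardenedWithRoutes));
```

The probe is deliberately crude (a real scanner tries many payload shapes and watches for script execution rather than string survival), but it shows why a browser-driven check is the right tool for fragment-routed pages while the server-side API behind the SPA is still covered by ZAP's ordinary active scan.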