Security Testing of WebSites Using JavaScript

These days, websites without JavaScript are rare. According to w3techs, more than 80% of websites use at least one JavaScript library. So for penetration testing, you need to execute the JavaScript on web pages to find all functionality and attack vectors such as backend APIs.

SmartScanner already has a JavaScript evaluation engine for running JavaScript. In versions 1.16 and 1.17 we completed support for testing REST APIs. We added the capability to identify and test requests sent with the Fetch and XMLHttpRequest APIs using any HTTP method. These APIs are the backbone of AJAX libraries like jQuery and axios.
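As an added illustration (this is not SmartScanner's code), the sketch below shows one way a testing tool can inventory the requests a page sends through `fetch()` and `XMLHttpRequest`, whatever the HTTP method. The function name `instrumentRequests`, the record fields and the sample endpoints are assumptions made for this example.

```javascript
// Added example (not SmartScanner code): log each request a page sends via
// fetch() or XMLHttpRequest. instrumentRequests and the record shape are assumed names.
function instrumentRequests(scope, records) {
  const origFetch = scope.fetch;
  if (typeof origFetch === "function") {
    scope.fetch = function (input, init) {
      // input may be a URL string, a URL object, or a Request-like object
      const isReq = typeof input === "object" && input !== null && "url" in input;
      const opts = init || {};
      const method = String(opts.method || (isReq && input.method) || "GET").toUpperCase();
      records.push({ api: "fetch", method, url: isReq ? input.url : String(input),
                     hasBody: opts.body != null });
      return origFetch.call(scope, input, init);
    };
  }
  const XHR = scope.XMLHttpRequest;
  if (typeof XHR === "function") {
    const pending = new WeakMap(); // open() arguments, kept until send()
    const { open, send } = XHR.prototype;
    XHR.prototype.open = function (method, url, ...rest) {
      pending.set(this, { api: "xhr", method: String(method).toUpperCase(), url: String(url) });
      return open.call(this, method, url, ...rest);
    };
    XHR.prototype.send = function (body) {
      // Record at send() so only requests that actually leave the page are logged
      const rec = pending.get(this);
      if (rec) records.push({ ...rec, hasBody: body != null });
      return send.call(this, body);
    };
  }
  return records;
}

// Constructed stand-ins for the browser globals so the example runs offline in Node.
function demo() {
  class FakeXHR { open() {} send() {} }
  const scope = { fetch: async () => ({ ok: true }), XMLHttpRequest: FakeXHR };
  const seen = instrumentRequests(scope, []);
  scope.fetch("/api/users");
  scope.fetch({ url: "/api/users/7", method: "delete" });
  const xhr = new scope.XMLHttpRequest();
  xhr.open("put", "/api/profile");
  xhr.send('{"name":"constructed"}');
  return seen;
}
console.log(demo());
```

Because jQuery and axios sit on top of these two APIs, wrapping them before the page's own scripts run captures library-issued calls as well.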

All these new features and enhancements, combined with our JavaScript evaluation engine, made SmartScanner capable of automated vulnerability finding in any web application. It doesn't matter what technology your website is using: a Jamstack application, a single page application (SPA) or a modern reactive application built with ReactJS, Angular, Vue or Svelte. Just enter the URL and SmartScanner automatically tests and finds security vulnerabilities!

We also made huge changes to our application architecture that resulted in many improvements, like speed and memory optimizations. But a few bugs found the chance to slip in behind these changes! In version 1.18, we focused on polishing features and fixing broken things.

Now, we are excited to announce the release of SmartScanner version 1.18, smarter and sharper than ever.

And that’s not all! Insecure Inline Frame, User Controllable URL and Unicode Transformation Issue are new tests we’ve added in version 1.18, along with many XSS and SQLi improvements. Download and check it out!

Download SmartScanner free

Read the changelog for details of new changes.