Deep Crawling of HTML5 & JavaScript Websites with Acunetix DeepScan Technology

Acunetix DeepScan is the latest revolutionary technology available within Acunetix that can crawl and scan modern HTML5 and JavaScript-based web applications; Acunetix is the only web vulnerability scanner on the market capable of doing this.

Other scanners lag behind modern web application development technologies

Modern HTML5-based web applications use a large array of complex JavaScript libraries such as AngularJS, Backbone.js, Ember.js, and SproutCore.

Traditional web vulnerability scanners cannot cope with such JavaScript-heavy applications and provide only superficial crawling capabilities at best. Not being able to crawl properly means that HTML5 and JavaScript vulnerabilities go completely undetected.

Through the integration of DeepScan Technology in Acunetix, our security researchers have developed a unique way for the scanner to crawl through the multitude of new tags, attributes and events possible within modern dynamic websites.

Acunetix DeepScan also supports scanning of Single Page Applications (SPA)

A Single Page Application (SPA) is a web application or web site that fits on a single web page with the goal of providing a more fluid user experience akin to a desktop application. In an SPA, the appropriate resources are dynamically loaded and added to the page as necessary, usually in response to user actions.

How does Acunetix DeepScan perform when put to the test?

Our security researchers have created a vulnerable web application as a test case for Acunetix. This web application was built as a Single Page Application (SPA) using modern web technologies such as AngularJS, Bootstrap, CouchDB, Flask and Nginx. It can be found at http://testhtml5.vulnweb.com.

When this test website is crawled using a traditional scanner, or with DeepScan disabled, the results are very limited.

[Figure: Crawl results of a vulnerable web application without Acunetix DeepScan Technology]

However, when scanning the same web application with DeepScan, a very different scenario emerges. Immediately noticeable is the fact that the crawler intercepts all the XHR (XMLHttpRequest) calls performed from JavaScript and adds them to the site structure for subsequent testing. The crawler also sees all the other requests (images, scripts, HTML templates …) made by the scanned test application. For example, AngularJS dynamically loads HTML templates on the fly using AJAX requests.
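The following is an added example, not Acunetix code, of the interception technique described above: a JavaScript-aware crawler hooks the `open()`, `setRequestHeader()` and `send()` methods on the XMLHttpRequest prototype so that every AJAX call the SPA makes (template loads, JSON API calls) is recorded into a de-duplicated site structure while the page keeps working normally. Because the example runs under Node rather than in a browser, it uses a minimal constructed stand-in for the browser's XMLHttpRequest; the paths `/templates/login.html` and `/api/login` and the simulated AngularJS behaviour are hypothetical.

```javascript
// Added example (not Acunetix code): hooking XMLHttpRequest so a crawler can
// capture the AJAX calls an SPA makes and add them to the site structure.

// Constructed stand-in for the browser's XMLHttpRequest (no real network).
// A fresh class is created per crawl so each run instruments a clean prototype.
function makeFakeXhr() {
  return class FakeXMLHttpRequest {
    open(method, url) { this._method = method; this._url = url; this._headers = {}; }
    setRequestHeader(name, value) { this._headers[name] = value; }
    send(body) { this._body = body; /* a real XHR would dispatch here */ }
  };
}

// Install hooks on an XHR constructor's prototype. The original methods still
// run, so the application behaves as before; every completed send() is recorded
// once per (method, URL) pair. Returns the list of captured requests.
function instrumentXhr(XhrCtor) {
  const captured = [];
  const seen = new Set();
  const proto = XhrCtor.prototype;
  const origOpen = proto.open;
  const origSetHeader = proto.setRequestHeader;
  const origSend = proto.send;

  proto.open = function (method, url, ...rest) {
    // Stash per-request details on the instance; send() finalises them.
    this.__crawl = { method: String(method).toUpperCase(), url: String(url), headers: {}, body: null };
    return origOpen.call(this, method, url, ...rest);
  };
  proto.setRequestHeader = function (name, value) {
    if (this.__crawl) this.__crawl.headers[name] = value;
    return origSetHeader.call(this, name, value);
  };
  proto.send = function (body) {
    if (this.__crawl) {
      this.__crawl.body = body == null ? null : String(body);
      const key = `${this.__crawl.method} ${this.__crawl.url}`;
      if (!seen.has(key)) { seen.add(key); captured.push(this.__crawl); }
    }
    return origSend.call(this, body);
  };
  return captured;
}

// Constructed simulation of what an AngularJS SPA does on load (hypothetical
// paths): fetch an HTML template by AJAX, then call a JSON API endpoint.
function simulateSpa(XhrCtor) {
  const tpl = new XhrCtor();
  tpl.open('GET', '/templates/login.html');
  tpl.send();

  const api = new XhrCtor();
  api.open('post', '/api/login');
  api.setRequestHeader('Content-Type', 'application/json');
  api.send(JSON.stringify({ user: 'alice', pass: 'secret' }));

  // The same template request repeated (e.g. on a route change) must not
  // produce a second entry in the site structure.
  const again = new XhrCtor();
  again.open('GET', '/templates/login.html');
  again.send();
}

// Run one crawl: instrument a fresh XHR class, let the SPA execute, return
// the captured requests that a scanner would then audit for vulnerabilities.
function crawlSpa() {
  const Xhr = makeFakeXhr();
  const captured = instrumentXhr(Xhr);
  simulateSpa(Xhr);
  return captured;
}

console.log(JSON.stringify(crawlSpa(), null, 2));
```

In a real engine the same hooks are installed on the browser's own XMLHttpRequest (and, for newer applications, on `fetch`) before the page's scripts run, so every endpoint the SPA touches ends up in the crawl results even though no link to it appears in the static HTML.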

[Figure: XMLHttpRequest(s) captured with Acunetix DeepScan Technology]

After the completion of the crawling, the final results look completely different. The tested application has made various AJAX requests to the web server requesting JSON data, HTML templates and so on. None of these were visible in the initial crawl without Acunetix DeepScan Technology.

[Figure: Crawl results with DeepScan Technology enabled]

With the DeepScan results available, the scanner can perform a comprehensive audit of all these inputs looking for vulnerabilities. Without a powerful JavaScript engine, the crawler receives only partial results and will not find all potential HTML5 and JavaScript vulnerabilities.

In addition, Acunetix DeepScan Technology drastically improves the detection of DOM-based XSS vulnerabilities.