HTML5 & JavaScript Security

If you can’t crawl it, you can’t scan it! Thanks to DeepScan technology, Acunetix can crawl any website and web application, even modern single-page applications (SPAs) developed using HTML5, JavaScript, and RESTful APIs. Acunetix DeepScan crawls even the most advanced web applications by replicating user actions and executing JavaScript just like a real browser does.

Acunetix uses the Acunetix DeepScan technology – a fully automated web browser that can understand complex web technologies and seamlessly interact with them.

Crawls and scans HTML5 websites; executes JavaScript like a real browser; directly supports Angular, Vue, and React
Interacts with AJAX, SOAP/WSDL, SOAP/WCF, REST/WADL, XML, JSON, Google Web Toolkit (GWT), and CRUD operations
Analyzes web applications developed in Node.js, Ruby on Rails, and Java frameworks including Java Server Faces (JSF), Spring, and Struts

Acunetix can automatically test authenticated areas by recording a login sequence using the Login Sequence Recorder (LSR). The LSR makes it quick and easy to record a series of actions and/or restrictions that the scanner can replay to authenticate itself to a page. The Acunetix LSR supports a large number of authentication mechanisms including:

Multi-step/custom authentication schemes
Single Sign-On authentication
CAPTCHAs and multi-factor authentication

Acunetix has two malware detection features. The scanner detects URLs linking to external sites that are known to host malware or to be used for phishing attacks. Acunetix also downloads scripts from the target website and tests them for malware using Windows Defender on Windows and ClamAV on Linux and macOS.

Detects malware URLs in the web application that is being scanned
Identifies malicious scripts using Windows Defender or ClamAV
URLs are checked against Google Safe Browsing and Yandex Safe Browsing databases