Articles — introspector
Continuous client-side IAST/DAST Hybrid approach for Single-Page-Applications
Some very interesting technology was presented a few days ago in the following articles: Following the data: Taint-tracing in the JS environment Following the execution: Taint-tracing in the JS environment Client-side crawl: A DOM state exploration Thusly, I'd like to clarify how it is used during scanning by Codename SCNR. Through continuous monitoring of each page's JS environment, Codename SCNR can handle Single-Page-Applications like a breeze, something notoriously difficult to handle by most DAST solutions, since they're only, well...DAST. Let me clarify, Codename SCNR is marketed as a DAST product, but that's only when it comes to the server-side, and...