
AJAX web app scanning best practice

Question asked by balazs on Nov 27, 2013
Latest reply on May 25, 2015 by Far han

Hi all,

I am really interested in how you scan JavaScript (AJAX) based web applications with WAS. My experience is that WAS could not crawl AJAX-based web applications at all, even if it is a very simple application like this: http://tutorialzine.com/2009/09/simple-ajax-website-jquery/

Remaining with this example, I have deployed a simple web application based on this AJAX-based script on my server, and the WAS 'Links Crawled' result was the following:

mydomain.com/ajax/

mydomain.com/ajax/load_page.php

mydomain.com/ajax/script.js

However, I had several other pages too, and WAS could not discover those. So what is the best practice for scanning AJAX-based web applications with WAS? What should I do? Can I use, for example, the Burp Suite Professional site map results as the source of the WAS scan?

I hope somebody can deal with this topic and can give me a solution.

Thanks in advance.

Regards,

Balazs
