This article helps you find the answers to the technical terminology behind our solution.
What is the difference between Single Page and Multi-Page applications?
Multi-Page applications (MPAs) use a standard HTML structure for their content. They consist of multiple individual pages loaded from the server when needed. Famous examples include applications created in PHP and Python with frameworks such as Laravel or Django.
This is an excellent article to get more details on the differences, pros, and cons for SPAs and MPAs.
What is the challenge in testing Single Page applications compared to Multi-Page applications?
The Crashtest Security SPA crawler is the only software on the market that allows you to scan SPAs without click-through models. This enables a much faster setup, better adaption to changes, and takes away a lot of effort required previously to scan SPAs.
Are Multi-Page applications more secure than Single Page applications?
The answer to this question depends on the individual application and the developer’s carefulness and security measures.
One potential concern for Single Page applications is the exposure of sensitive data.
If you’re not carefully about what data is contained by the initial page load, you could easily be sending data that shouldn’t necessarily be exposed to all users. Because the entire page isn’t generally visible in the browser in an SPA, this can lull a careless developer into a false sense of security. (Quote from Stack Exchange)
What is vulnerability scanning?
Vulnerability scanning allows the user to scan software for security vulnerabilities. This can happen on an infrastructure (i.e., network or physical) or application level. For example, Crashtest Security allows users to scan applications in an automated, agile manner with easy integration in your agile development process.
The manual approach to security testing is called penetration testing. This is a service performed by a person, taking between 5 and 20 days, depending on the scope of the test. Manual penetration tests often require a specific setup for each test and are incompatible with agile software release processes. However, manual pentesters can cover individual application-specific flaws and test for more OWASP categories, such as Broken Access Control.
Insufficient Logging and Monitoring, however, is something that requires an internal analysis of the processes and tools.
What does a vulnerability scanner do?
A vulnerability scanner identifies possible attack vectors in the web application or API. The vulnerability scanner then checks whether these attack vectors can be exploited.
Vulnerability scanning can either happen on a non-invasive or invasive basis. It is recommended to only run invasive scans in non-production environments, not to harm live applications.
Why do I need vulnerability scanning?
Vulnerability scanning provides many benefits:
- Ease of use: Vulnerability scanners make it simple to set up a test without being a security expert.
- Results within seconds: As the scanners provide results in real-time and operate with parallel requests, the first results are available within seconds of the start.
- Integration in CI/CD-toolchains: Due to the frequency of releases in the agile development processes, it is important to ensure every release is tested for security vulnerabilities. This is only possible when security scans can be triggered and evaluated in an automated fashion.
- No repeat setup effort: In contrast to manual security testing, vulnerability scan setup can be configured once and automatically performed on the current software version.
Is it difficult to set up a vulnerability scan?
No. We get you through the project setup within 2 minutes and promise results within 5 minutes of registration for the Crashtest Security Suite. In addition to the first security vulnerabilities, you also receive remediation advice for any found issues.