Single Page vs. Multi-Page Applications

This article explains the technical terminology behind our solution.

What is the difference between Single Page and Multi-Page applications?

Multi-Page applications (MPAs) use a standard HTML structure for their content. They consist of multiple individual pages loaded from the server when needed. Famous examples include applications created in PHP and Python with frameworks such as Laravel or Django.

Single Page Applications (SPAs) use AJAX and HTML5 to build responsive apps. These apps send most of their content with the initial request and respond to most user input on the client side without loading additional content from the server. Typically, JavaScript frameworks such as React, Angular, Vue, or Ember handle the heavy lifting on the client side for a single-page app.

This is an excellent article to get more details on the differences, pros, and cons for SPAs and MPAs.

What is the challenge in testing Single Page applications compared to Multi-Page applications?

Due to their responsive nature, Single Page Applications (SPAs) use asynchronous API requests for backend communication and manipulate the DOM tree to show information in real time. Traditional crawlers have problems understanding all the JavaScript used in such cases and struggle to find ways to navigate through the application. Other security scanners use manual click-throughs as the basis for an automated vulnerability scan, which can be time-consuming to set up and inflexible when the app changes constantly.

The Crashtest Security SPA crawler is the only software on the market that allows you to scan SPAs without click-through models. This enables a much faster setup and better adaptation to changes, and removes much of the effort previously required to scan SPAs.

Are Multi-Page applications more secure than Single Page applications?

The answer to this question depends on the individual application and the developer’s carefulness and security measures.

One potential concern for Single Page applications is the exposure of sensitive data.

If you’re not careful about what data is contained by the initial page load, you could easily be sending data that shouldn’t necessarily be exposed to all users. Because the entire page isn’t generally visible in the browser in an SPA, this can lull a careless developer into a false sense of security. (Quote from Stack Exchange)
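The initial-page-load concern above, as an added example that is not part of the original article or the quoted answer: a server that serializes a whole database record into the SPA's bootstrap state, next to an allow-listed version and a check that flags fields that must never ship. The record, field names and function names are all constructed for illustration.

```javascript
// Constructed sample record, as a backend might load it for the logged-in user.
const userRecord = {
  id: 42,
  displayName: "Alice",
  email: "alice@example.test",
  passwordHash: "<constructed-placeholder>",
  internalNotes: "flagged by support",
  team: [
    { id: 7, displayName: "Bob", email: "bob@example.test", salary: 90000 },
  ],
};

// Careless version: serialize the whole record into the bootstrap state.
// The UI may render only displayName, but every field is in the page source.
function bootstrapStateNaive(user) {
  return JSON.stringify(user);
}

// Allow-list per view: only fields the client is meant to see are copied.
const PUBLIC_USER_FIELDS = ["id", "displayName"];
const pick = (obj, fields) =>
  Object.fromEntries(fields.filter((f) => f in obj).map((f) => [f, obj[f]]));

function bootstrapStateAllowListed(user) {
  return JSON.stringify({
    ...pick(user, [...PUBLIC_USER_FIELDS, "email"]), // the user's own e-mail
    team: user.team.map((m) => pick(m, PUBLIC_USER_FIELDS)),
  });
}

// Review/CI check: walk a payload and report paths of keys that must not ship.
const FORBIDDEN_KEYS = new Set(["passwordHash", "internalNotes", "salary"]);
function findLeakedKeys(json) {
  const hits = [];
  const walk = (value, path) => {
    if (value === null || typeof value !== "object") return;
    for (const [key, child] of Object.entries(value)) {
      const here = path ? `${path}.${key}` : key;
      if (FORBIDDEN_KEYS.has(key)) hits.push(here);
      walk(child, here);
    }
  };
  walk(JSON.parse(json), "");
  return hits;
}

console.log("naive:", findLeakedKeys(bootstrapStateNaive(userRecord)));
console.log("allow-listed:", findLeakedKeys(bootstrapStateAllowListed(userRecord)));
```

The same check can be run against captured API responses, since an SPA's asynchronous requests can over-share in the same way as its initial payload.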

What is vulnerability scanning?

Vulnerability scanning allows the user to scan software for security vulnerabilities. This can happen on an infrastructure (i.e., network or physical) or application level. For example, Crashtest Security allows users to scan applications in an automated, agile manner with easy integration in your agile development process.

The manual approach to security testing is called penetration testing. This is a service performed by a person, taking between 5 and 20 days, depending on the scope of the test. Manual penetration tests often require a specific setup for each test and are incompatible with agile software release processes. However, manual pentesters can cover individual application-specific flaws and test for more OWASP categories, such as Broken Access Control.

Insufficient Logging and Monitoring, however, is something that requires an internal analysis of the processes and tools.

What does a vulnerability scanner do?

A vulnerability scanner identifies possible attack vectors in the web application or API. The vulnerability scanner then checks whether these attack vectors can be exploited.

Vulnerability scanning can happen on either a non-invasive or an invasive basis. It is recommended to run invasive scans only in non-production environments, so as not to harm live applications.


Why do I need vulnerability scanning?

Vulnerability scanning provides many benefits:

  • Ease of use: Vulnerability scanners make it simple to set up a test without being a security expert.
  • Results within seconds: As the scanners provide results in real time and operate with parallel requests, the first results are available within seconds of the start.
  • Integration in CI/CD-toolchains: Due to the frequency of releases in the agile development processes, it is important to ensure every release is tested for security vulnerabilities. This is only possible when security scans can be triggered and evaluated in an automated fashion.
  • No repeat setup effort: In contrast to manual security testing, vulnerability scan setup can be configured once and automatically performed on the current software version.

Is it difficult to set up a vulnerability scan?

No. We get you through the project setup within 2 minutes and promise results within 5 minutes of registration for the Crashtest Security Suite. In addition to the first security vulnerabilities, you also receive remediation advice for any found issues.
