What is the single page application called?

An SPA (Single-page application) is a web app implementation that loads only a single web document, and then updates the body content of that single document via JavaScript APIs such as XMLHttpRequest and Fetch when different content is to be shown.

Are single-page applications worth it?

An important feature of single-page applications is performance. They get a performance boost by loading HTML, CSS, and JavaScript resources as soon as the website is loaded. The reason is that when users come to an application, they need the shortest possible wait time so that they can do their work and leave.

Are single page apps secure?

The APIs behind a single-page application can be protected by web server sessions (just like in the traditional approach), but this requires all business APIs to be proxied by a web server, which usually requires the use of session cookies, which are very vulnerable to cyber-attacks.

How to secure a single-page application (SPA)?

There are two ways to ensure that SPAs are properly tested for security. The first is to have an expert penetration tester attack the application manually. Pen testers can find all levels of vulnerabilities, but many organizations like to focus their tests on the areas where automation is difficult, such as business logic.

What happens when a single page application is not supported?

Traditionally, multi-page applications have a number of URLs for a scanner to crawl through in order to consider a scan complete. When a scanner does not support single-page applications, it is unable to scan much at all and returns quickly with few CWEs, resulting in a false sense of security.

How to secure single-page applications with Veracode?

The second solution is to use automated security scanning technologies. Organizations need to use a Dynamic Analysis solution that has the ability to automatically and effectively scan SPAs. Veracode Dynamic Analysis has a unique approach to this problem.

What happens when a scanner does not support single-page applications?

When a scanner does not support single-page applications, it is unable to scan much at all and returns quickly with few CWEs, resulting in a false sense of security. SPAs are especially vulnerable to Cross-Site Scripting (XSS) attacks, since users are making server requests in JavaScript that result in outputs in HTML.
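
The XSS exposure described above, where data fetched by JavaScript ends up as HTML output, is shown below as an added example that is not from the original page. The API response, the function names and the tag allow-list are assumptions constructed for illustration.

```javascript
// Constructed sample: JSON an SPA might receive from its backend API.
const apiResponse = JSON.stringify({
  author: "mallory",
  body: '<img src=x onerror="alert(1)">Nice post & thanks',
});

// Escape the characters that are significant in HTML text and attribute values.
function escapeHtml(value) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Vulnerable pattern: response fields are interpolated straight into markup
// that the SPA would then assign to element.innerHTML.
function renderCommentUnsafe(json) {
  const c = JSON.parse(json);
  return `<li><b>${c.author}</b>: ${c.body}</li>`;
}

// Hardened pattern: every field is escaped before it enters the HTML string.
function renderCommentSafe(json) {
  const c = JSON.parse(json);
  return `<li><b>${escapeHtml(c.author)}</b>: ${escapeHtml(c.body)}</li>`;
}

// Review helper (hypothetical): list tags in a fragment that the template
// itself never emits, i.e. markup that came from the data.
function unexpectedTags(fragment, allowed = ["li", "b"]) {
  const names = [...fragment.matchAll(/<\/?([a-zA-Z][a-zA-Z0-9]*)/g)]
    .map((m) => m[1].toLowerCase());
  return [...new Set(names)].filter((t) => !allowed.includes(t));
}

console.log("unsafe:", unexpectedTags(renderCommentUnsafe(apiResponse)));
console.log("safe:  ", unexpectedTags(renderCommentSafe(apiResponse)));
```

In a browser, assigning the value to `textContent` instead of building an HTML string avoids the problem without a hand-written escaper.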