
Vulnerability/security scanner for single page JavaScript apps

I've used skipfish and Burp Suite previously on 'standard' web applications.

However I'm now writing more and more single-page apps, in my case with backbone.js.

Is there any way to scan these with software? Aside from just testing your API urls explicitly?

Two tools that can be useful for evaluating JavaScript are JSLint and Dominator.

JSLint is a JavaScript code quality tool written by Douglas Crockford. While its purpose isn't solely to analyze the security of your code, it will highlight unsafe and poor techniques that make your application more error prone and potentially vulnerable to security issues. Again, it's not a security tool per se, but it's useful nonetheless.

Dominator is a Firefox based software that aids in identifying DOM XSS issues within a website. In general, you can just surf a page and use an application while running it, and it will highlight and alert you regarding what it believes is a security problem. It has its fair share of false positives, but I have found a few bugs while using this tool. I believe it also has a built-in fuzzer, but I haven't used that functionality much.

Another useful tool is grep. Don't underestimate how many bugs you can find by grepping for known dangerous functions and ensuring that you are using them in a safe way.
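As an added illustration of the grep advice in this answer (this is example code, not part of the original post and not any real tool): a small script that scans JavaScript source for the DOM XSS sinks a reviewer would grep for in a Backbone app, such as jQuery's `.html()`, `innerHTML` assignment, `document.write` and `eval`. The sink list, the sample Backbone view it scans, and the function name `findDangerousSinks` are all assumptions made for the example.

```javascript
// Added example, not from the original answer: a minimal "grep for dangerous
// sinks" pass over JavaScript source. The sink list below is an assumption
// and deliberately short; a real review would extend it for its own code base.
const DANGEROUS_SINKS = [
  { pattern: /\binnerHTML\s*=/, why: 'assigns raw HTML to the DOM (DOM XSS sink)' },
  { pattern: /\bouterHTML\s*=/, why: 'assigns raw HTML to the DOM (DOM XSS sink)' },
  { pattern: /\bdocument\.write(ln)?\s*\(/, why: 'writes raw HTML into the document' },
  { pattern: /\beval\s*\(/, why: 'evaluates a string as code' },
  { pattern: /\bnew\s+Function\s*\(/, why: 'evaluates a string as code' },
  { pattern: /\bset(Timeout|Interval)\s*\(\s*['"`]/, why: 'string first argument is evaluated as code' },
  { pattern: /\.html\s*\(/, why: 'jQuery .html() sets raw HTML; prefer .text() or an escaping template' },
  { pattern: /\blocation(\.href)?\s*=[^=]/, why: 'assigning location allows javascript: URLs' },
];

// Returns one finding per (line, sink) pair: { line, text, why }.
// Trailing "//" comments are ignored so commented-out code does not alert;
// this is a grep-level heuristic, so a "//" inside a string is also dropped.
function findDangerousSinks(source) {
  const findings = [];
  source.split('\n').forEach((text, i) => {
    const line = text.replace(/\/\/.*$/, '');
    for (const sink of DANGEROUS_SINKS) {
      if (sink.pattern.test(line)) {
        findings.push({ line: i + 1, text: text.trim(), why: sink.why });
      }
    }
  });
  return findings;
}

// Constructed sample input: a Backbone view that concatenates model data into
// markup, plus a safe variant, plus a hash-to-innerHTML assignment.
const SAMPLE_VIEW = [
  "var ItemView = Backbone.View.extend({",
  "  render: function () {",
  "    // untrusted model data concatenated into markup",
  "    this.$el.html('<li>' + this.model.get('title') + '</li>');",
  "    return this;",
  "  },",
  "  safeRender: function () {",
  "    this.$el.text(this.model.get('title')); // text() escapes",
  "    return this;",
  "  }",
  "});",
  "document.getElementById('status').innerHTML = location.hash.slice(1);",
].join('\n');

// Print a grep-style report for the sample; expected hits are lines 4 and 12.
for (const f of findDangerousSinks(SAMPLE_VIEW)) {
  console.log(`line ${f.line}: ${f.text}\n    -> ${f.why}`);
}
```

Running it over the sample flags line 4 (the `.html()` call with concatenated model data) and line 12 (`innerHTML` fed from `location.hash`), while the `.text()` call on line 8 passes. As with plain grep, every hit still needs a human to confirm the data reaching the sink is actually attacker-controlled.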

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address. Any question please contact: yoyou2525@163.com.
