An Overview of Concepts and Terms

Today's security teams are responsible for securing hundreds of applications, including complex rich clients and APIs, while complying with industry and government regulations and keeping up with attacker techniques. For them, building an effective application security program requires more than crawling the web application's user interface. It requires comprehensive application coverage and attack methodologies that address the technologies modern applications are built on. With AppSpider, you can plan, control and measure scans and look across all application scan data to track improvements in your security posture. Ultimately, AppSpider provides a way for you to assess and prioritize the areas of greatest risk and enables you to build a modern enterprise application security program.

About AppSpider

AppSpider is a dynamic application security testing solution that allows you to scan web and mobile applications for vulnerabilities.

The core technology behind AppSpider is the Universal Translator, which interprets the newer technologies used in today's web and mobile applications, such as AJAX, HTML5 and JSON, in addition to crawling traditional HTML applications.

Available on-premises, hosted, or as a managed service, AppSpider enables you to manage your application security program effectively and delivers thorough analysis, comprehensive application coverage and sophisticated attack methodologies.

Compare editions

  • AppSpider Pro
  • AppSpider Enterprise
  • AppSpider OnDemand

Benefits of AppSpider

  • Broad coverage
  • Advanced authentication
  • Integrations
  • Interactive reports
  • Distributed and scalable
  • Centralized control
  • Continuous site monitoring
  • End-to-end testing of APIs built with the OpenAPI Specification (formerly known as Swagger)

Terms you should know

  • Attack type

  • Dynamic Application Security Testing - DAST tools communicate with a running application through its web front end, without access to source code, in order to identify security vulnerabilities and architectural weaknesses. Properly architected DAST tools first perform a "crawl" of the client interface to map the application's pages and inputs, and then conduct an "attack" or "audit" against those inputs to find vulnerabilities. Because the audit can only test inputs the crawl discovered, crawl coverage bounds what the scan can find.

  • System administrator

  • Client account

  • Provisioner account

  • Universal Translator - The Universal Translator handles the parts of an application that a conventional crawler cannot discover by normalizing their requests into a common parameter format. AppSpider conducts the normal crawl and audit on HTML and JavaScript, and then also takes the normalized data from non-crawlable elements (for example JSON or AJAX requests issued by a rich client) and attacks them. AppSpider learns about these un-crawlable technologies from recorded traffic, such as proxy logs captured with Burp Suite: it analyzes the requests in the logs and normalizes their parameters so that they can be attacked like any other input.

  • Questionnaire

  • Attack policy

  • Browser macro

  • HTTP header

  • Proxy

  • Authentication

  • Custom URLs

  • Traffic viewer

  • Client - A client represents a collection of users who interact with AppSpider.

How AppSpider works

  1. Crawl

  2. Record

  3. Translate

  4. Attack
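The following script is an added illustration of the record, translate and attack steps above and of the Universal Translator entry in the glossary; it is not AppSpider code and does not reproduce how AppSpider stores or normalizes traffic. It assumes a minimal proxy log consisting of raw HTTP requests (constructed inline), normalizes query, form and JSON inputs into one parameter model, emits one attack request per input with a harmless probe string, and includes a simple audit check that flags a response in which the probe is reflected with its metacharacters intact. The probe value, the dotted JSON path notation and the `shop.example` host are assumptions for this example.

```python
"""Illustrative DAST pipeline: record -> translate (normalize) -> attack.

Added example, not AppSpider's own code. The traffic below is constructed.
"""
import json
from dataclasses import dataclass
from urllib.parse import urlsplit, urlunsplit, parse_qsl, urlencode

# Constructed proxy log: each entry is one raw request as a proxy such as
# Burp Suite would record it (request line, headers, blank line, body).
RECORDED_TRAFFIC = [
    "GET /search?q=shoes&page=2 HTTP/1.1\r\nHost: shop.example\r\n\r\n",
    "POST /api/cart HTTP/1.1\r\nHost: shop.example\r\n"
    "Content-Type: application/json\r\n\r\n"
    '{"sku": "A-100", "qty": 1, "coupon": {"code": "SAVE10"}}',
    "POST /login HTTP/1.1\r\nHost: shop.example\r\n"
    "Content-Type: application/x-www-form-urlencoded\r\n\r\n"
    "user=alice&pass=secret",
]

# Harmless probe (assumption): if it comes back unencoded, the input is a
# candidate for reflected XSS and deserves a real payload in the audit phase.
PROBE = "x'\"<appsec>"


@dataclass
class Param:
    location: str  # "query", "form" or "json"
    name: str      # parameter name, or dotted path for JSON ("coupon.code")
    value: str


@dataclass
class Request:
    method: str
    path: str
    headers: dict
    body: str


def parse_request(raw: str) -> Request:
    """Record step: turn one raw logged request into a Request object."""
    head, _, body = raw.partition("\r\n\r\n")
    request_line, *header_lines = head.split("\r\n")
    method, path, _version = request_line.split(" ", 2)
    headers = dict(h.split(": ", 1) for h in header_lines if h)
    return Request(method, path, headers, body)


def _flatten_json(obj, prefix=""):
    """Yield (dotted path, scalar) for every leaf in a JSON document."""
    if isinstance(obj, dict):
        for k, v in obj.items():
            yield from _flatten_json(v, f"{prefix}{k}.")
    elif isinstance(obj, list):
        for i, v in enumerate(obj):
            yield from _flatten_json(v, f"{prefix}{i}.")
    else:
        yield prefix[:-1], obj


def translate(req: Request) -> list:
    """Translate step: normalize every injectable input into the common Param model,
    whatever encoding the client used (query string, form body or JSON body)."""
    params = [Param("query", k, v)
              for k, v in parse_qsl(urlsplit(req.path).query, keep_blank_values=True)]
    ctype = req.headers.get("Content-Type", "")
    if ctype.startswith("application/json") and req.body:
        params += [Param("json", p, str(v)) for p, v in _flatten_json(json.loads(req.body))]
    elif ctype.startswith("application/x-www-form-urlencoded"):
        params += [Param("form", k, v) for k, v in parse_qsl(req.body, keep_blank_values=True)]
    return params


def _set_json_path(doc, path: str, value):
    """Replace the leaf at a dotted path, descending through dicts and lists."""
    keys = path.split(".")
    node = doc
    for k in keys[:-1]:
        node = node[int(k)] if isinstance(node, list) else node[k]
    if isinstance(node, list):
        node[int(keys[-1])] = value
    else:
        node[keys[-1]] = value
    return doc


def attack(req: Request, param: Param, payload: str) -> Request:
    """Attack step: copy of req with exactly one normalized input replaced by payload."""
    if param.location == "query":
        parts = urlsplit(req.path)
        q = [(k, payload if k == param.name else v)
             for k, v in parse_qsl(parts.query, keep_blank_values=True)]
        return Request(req.method, urlunsplit(parts._replace(query=urlencode(q))),
                       req.headers, req.body)
    if param.location == "form":
        q = [(k, payload if k == param.name else v)
             for k, v in parse_qsl(req.body, keep_blank_values=True)]
        return Request(req.method, req.path, req.headers, urlencode(q))
    doc = _set_json_path(json.loads(req.body), param.name, payload)
    return Request(req.method, req.path, req.headers, json.dumps(doc))


def build_attack_requests(traffic, payload: str = PROBE) -> list:
    """Run record -> translate -> attack over a whole log; one request per input."""
    return [attack(req, p, payload)
            for req in map(parse_request, traffic)
            for p in translate(req)]


def reflected_unencoded(response_body: str, payload: str = PROBE) -> bool:
    """Audit check: True if the probe is echoed with its metacharacters intact."""
    return payload in response_body


if __name__ == "__main__":
    for r in build_attack_requests(RECORDED_TRAFFIC):
        print(r.method, r.path, r.body)
```

The point of the translate step is that the JSON body, which a link-following crawler would never see as a "form", ends up in the same `Param` list as the query string and the login form, so a single attack routine covers all three. A real scanner would send each mutated request and run checks such as `reflected_unencoded` over the response; here the sending is left out so the example runs offline.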
