
Traditional webapps are often pentested by vulnerability scanners like Burp Suite, OWASP ZAP or with the other gazillion tools included in Kali. But what is the best way to automatically pentest a JavaScript web-app (AngularJS) with a REST backend? And what are the recommended tools for that task?

Anders
hofbrau
  • Is the question specifically about *automated* testing/scanning or are you asking about ways to pentest Angular apps in general? – jupenur Nov 28 '16 at 21:42
  • Please note that fully automated webapp pentests only find some very low-hanging fruit. Any serious pentest goes way further than that. – niilzon Mar 31 '17 at 13:15

1 Answer


For AngularJS, there is a very handy tool, the Batarang Chrome Extension, in the Chrome Extension Store:

https://chrome.google.com/webstore/detail/angularjs-batarang/ighdmehidhipcmcojjgiloacoafjmpfk

For testing REST you can still use Burp, Fiddler or ZAP.

Here is a link to the REST OWASP cheat sheet: https://www.owasp.org/index.php/REST_Security_Cheat_Sheet

Michal Koczwara