The Universal Translator understands the formats, protocols, and development technologies used in modern mobile and browser-based applications. Whether analyzing data from a traditional name::value pair crawl or traffic captured within a proxy capture for modern apps, the Universal Translator normalizes traffic and attacks your application to uncover vulnerabilities.
Single page applications are a recent web innovation that has made it possible to provide end users with snappy, responsive experiences without slow and annoying page reloads. Despite their increased presence on the web, many legacy application scanners have difficulty crawling these types of web apps, since they don't utilize a traditional HTML sitemap. InsightAppSec has been designed to automatically crawl and attack SPAs, providing coverage where other solutions can't.
Modern web applications today are complex, and not all can be comprehensively scanned without some configuration. For example, application areas behind multi-step login sequences that include a CAPTCHA challenge. For this reason, InsightAppSec supports multiple means to enhance coverage programmatically, through recorded macros, Selenium test scripts, Swagger REST API definitions, and traffic recordings. With the flexibility provided by these options, InsightAppSec ensures your scans generate accurate results.
Web technologies continue to evolve at a high velocity. Thus, your DAST solution should be architected to be future-proof. InsightAppSec's Universal Translator logically separates the crawl and attack engines used in a DAST scan, allowing for easy and frequent updates to one engine—such as new attacks and new input types—without breaking functionality in the other.