Concepts
Active Attack Module
An active attack module attempts to alter your application by running attacks for well-known vulnerabilities (e.g. inserting SQL in forms).
Attack Type
Your applications can be attacked in a number of different ways, including botnets, spoofing, keyloggers, malware, and countless others.
Attack policy
You can define how AppSpider reacts to specific attacks.
Authentication
Make sure you set up authentication credentials for your webapps in order to successfully scan them.
Browser macro
Macros are recordings of some action that cannot be otherwise automated, such as logging in on certain types of pages. You can store a macro in your scan configuration in order to perform these actions.
Custom URLs
You can configure AppSpider to crawl your custom URLs when you set up a scan.
Dynamic Application Security Testing
DAST tools traditionally communicate with applications through the web front-end in order to identify potential security vulnerabilities and architectural weaknesses in the web application. Properly architected DAST tools first perform a “crawl” of the client interface to understand the application, and then conduct an “attack” or “audit” to find the vulnerabilities.
HTTP header
The header component of an HTTP request. Configuring HTTP headers can add another layer of security to your webapps.
Passive Attack Module
A passive attack module attempts to gain information about your environment by examining your application (e.g. looking for passwords stored in clear text).
Proxy
A proxy server acts as an intermediary between a client’s network and an end server: it intercepts all requests and attempts to fulfill them itself.
Questionnaire
This panel allows you to enable advanced options for the scan configuration.
Universal Translator
The Universal Translator is capable of understanding the parts of the application that cannot be crawled by normalizing their data into a common format. AppSpider conducts the normal crawl and audit on HTML and JavaScript, but it can also take normalized data from non-crawlable elements and attack them. AppSpider learns about these un-crawlable technologies from proxy or traffic logs, such as those produced by Burp Suite; it analyzes the data from the logs and then normalizes it.
Scan Configuration
A scan configuration, or scan config, is a group of settings you can use to scan a particular web application. The scan configuration contains all the required details, such as the URL, credentials, and scan instructions for the application to be scanned. By creating a scan config, you can save a particular combination of options and use it to scan that application with those options repeatedly.
System administrator
Your “sysadmin” is responsible for configuring computer networks and servers at your organization, among other tasks.
Traffic viewer
Use the AppSpider traffic viewer to see and track the amount of traffic on your webapp URLs.