Hacker News
by quaffapint 1968 days ago
We've been checking out the various scanners lately. One thing I noticed with both Zap and BurpSuite is the lack of being able to report page fragments in SPA routings.

So a page like http://yoursite.com/page/#/users would just be listed as http://yoursite.com/page. Does this handle those SPA routing cases and report them?

Also, in general, how is this different than Zap? We were just planning to set that up in our CI for API and SPA scanning.

What kind of scripting does it support to be able to get and use authz tokens, for example?

1 comment

Excellent questions. We have built support for SPA navigation. On top of that, our custom scenario functionality allows the scanner to reach states of the app that may not have a unique URL (e.g. popup windows, etc.) or pages that require conditional logic, such as a checkout page with products in the cart.