The Universal Translator in InsightAppSec and AppSpider
Category : Uncategorized
Providing better support for scanning modern web applications
In the face of constantly evolving web technologies, our engineers have responded to the
growing challenge of dynamically testing applications with the Universal Translator. The
Universal Translator acts as a bridge between the two key functions of every DAST: discovery
of the areas in an application where vulnerabilities can be exploited and attack through the
testing of those areas with inputs that may expose security gaps.
The Universal Translator increases flexibility by decoupling the discovery and attack engines
so that all attackable inputs identified by the discovery engine are translated and normalized
into a common universal format that is then understood by the attack engine; this makes it
possible for the same set of attacks to be applied to multiple input and data format types.
Still waiting on a “so what?” Long story short, this departure from just your standard crawling
expands your application area coverage and enables Rapid7 DAST engineers to quickly add
support for future web technologies and emerging attack types.
More here: The Universal Translator