Ensure All the JavaScript Libraries Your Developers Use in Web Applications Are Not Vulnerable

Wed, 27 Jan 2016

Almost any type of modern web application uses some sort of popular JavaScript framework or library, such as AngularJS and jQuery. These JavaScript libraries gained a lot of popularity because they allow developers to easily build dynamic and interactive web applications, without the need to develop all the functionality themselves. They build the web application around the JavaScript library's functionality.

The Importance of Keeping All JavaScript Libraries Up to Date

There are several other advantages to using such JavaScript libraries. For example, you are guaranteed a stable product because most of these libraries are thoroughly tested by the public. However, like any other software component, these JavaScript libraries have their own security issues. In fact, in 2015 we published a few advisories about vulnerabilities in JavaScript libraries.

If a JavaScript Library is Vulnerable, Your Web Application is Vulnerable as well

Therefore, unless the JavaScript libraries you use in your web applications are kept up to date, your web application might be vulnerable. How do you ensure that none of your JavaScript libraries are vulnerable? By scanning your web applications with a Netsparker web security scanner.

Netsparker's JavaScript Libraries Fingerprinting Engine

In the latest versions of both Netsparker Desktop and Netsparker Cloud, which we announced this January, we included a new JavaScript Libraries engine. This new engine identifies the JavaScript libraries used on a target web application and their versions.

If an outdated JavaScript library, which could possibly also be vulnerable, is identified, Netsparker web application security scanners will raise an alert and also report the vulnerabilities associated with that version of the library, as seen in the screenshot below.

A vulnerable version of AngularJS was identified on the target website with the Netsparker web application security scanner
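The identify-then-compare flow described above, sketched as an added example (this is not Netsparker's engine or code). The patterns, the sample script list and the minimum-version baseline are constructed for illustration; the baseline is an operator-chosen policy, not a vulnerability database.

```javascript
// Added example: fingerprint JavaScript libraries and flag outdated versions.
// PATTERNS, SAMPLE and BASELINE are constructed; they are not Netsparker's signatures.
const PATTERNS = [
  { lib: "jquery",
    url: /jquery[.-](\d+(?:\.\d+){1,2})(?:\.min)?\.js/i,
    banner: /jQuery (?:JavaScript Library )?v(\d+(?:\.\d+){1,2})/ },
  { lib: "angularjs",
    url: /angular(?:js)?\/(\d+(?:\.\d+){1,2})\/angular(?:\.min)?\.js/i,
    banner: /AngularJS v(\d+(?:\.\d+){1,2})/ },
];

// Numeric, component-wise comparison so that 1.10.0 sorts above 1.9.1.
function compareVersions(a, b) {
  const pa = a.split(".").map(Number), pb = b.split(".").map(Number);
  for (let i = 0; i < Math.max(pa.length, pb.length); i++) {
    const d = (pa[i] || 0) - (pb[i] || 0);
    if (d !== 0) return Math.sign(d);
  }
  return 0;
}

// scripts: [{ src, head }] where head is the first bytes of the fetched file.
// The banner inside the file wins over the URL, which can be stale or renamed.
function fingerprint(scripts) {
  const found = [];
  for (const { src = "", head = "" } of scripts) {
    for (const p of PATTERNS) {
      const m = p.banner.exec(head) || p.url.exec(src);
      if (m) found.push({ lib: p.lib, version: m[1], src });
    }
  }
  return found;
}

// baseline: { lib: minimumAcceptableVersion }, maintained by the operator.
function audit(scripts, baseline) {
  return fingerprint(scripts).map((f) => ({
    ...f,
    outdated: f.lib in baseline && compareVersions(f.version, baseline[f.lib]) < 0,
  }));
}

// Constructed sample input and baseline.
const SAMPLE = [
  { src: "/static/js/jquery-1.10.2.min.js", head: "/*! jQuery v1.10.2 */" },
  { src: "/vendor/angular.js", head: "/**\n * @license AngularJS v1.2.0\n */" },
  { src: "/static/js/jquery.mobile-1.4.5.min.js", head: "" },
];
const BASELINE = { jquery: "1.9.0", angularjs: "1.4.0" };
console.log(audit(SAMPLE, BASELINE));
```

A script that exposes neither a versioned URL nor a banner is not reported at all here, so an empty result means "not fingerprinted", not "up to date".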

Which JavaScript Libraries Do Netsparker Scanners Detect?

The first version of the JavaScript libraries scanning engine can already fingerprint twenty of the most popular libraries such as jQuery, jQuery-mobile, AngularJS, backbone.js and easyXDM. We will be updating the JavaScript libraries fingerprinting module with future updates, ensuring it can identify more JavaScript libraries. For a complete list of the JavaScript libraries, and to disable or enable the JavaScript fingerprinting module, open the Scan Policy Editor, as shown in the screenshot below.

The JavaScript Libraries check in the Scan Policy Editor


