Data Theorem Launches Automated Discovery and Continuous Dynamic Runtime Vulnerability Inspection to Protect Single-Page Applications

New Solution Purpose-Built to Protect Rapidly Emerging Modern Web SPAs with Runtime Security Analysis Uniquely Supports both GraphQL and REST API Services


Data Theorem, Inc., a leading provider of modern application security, today introduced a new SPA security service that delivers automated discovery and continuous dynamic runtime vulnerability inspection of modern web single-page applications (SPAs). Purpose-built for SPAs, the new service is differentiated in its runtime security analysis that supports both GraphQL and REST API services, the popular services for SPAs that dynamically deliver a faster and richer web user experience.

With DevOps teams rapidly building web SPAs, security and IT teams using traditional web app scanners lack the ability to gather application insights and inspect for security vulnerabilities on these new modern web apps. Now with this new offering from Data Theorem, for the first time users can fully discover and inspect vulnerabilities with dynamic runtime analysis for both GraphQL and REST API services.

“SPA security is the new frontier for modern web application security, and like mobile it is tightly coupled to the explosion and growth of GraphQL and API backend services,” said Doug Cahill, senior analyst and group practice director of cybersecurity for ESG. “To best protect these services from attack, organizations need a solution that delivers both continuous security vulnerability inspection and runtime analysis that supports both GraphQL and REST API services.”

Businesses today delivering modern web applications build SPAs to deliver a richer and faster user experience that is similar to what they deliver with their mobile apps. Similar to mobile app protection, traditional web app scanners lack the ability to add security insights to SPAs because of the dynamic nature of the SPA JavaScript architecture. In addition, GraphQL adds a new attack surface due to the enhanced flexibility it provides, making it difficult to protect against malicious queries. These attack queries could lead to denial of service attacks, or unauthorized access to private data.

“Growth of SPA deployment and usage increases every year because organizations want their web experience to be as good as their mobile app experience,” said Doug Dooley, Data Theorem COO. “But security tools have not kept up with this modern software development trend. With our first web app security offering launching today, Data Theorem is leaping ahead of the competitive landscape to now serve users’ complex security needs beyond API and mobile. We were already leading in runtime analysis for mobile apps, and now we offer similar depth of runtime analysis to protect these popular SPAs.”

Today’s SPA security solution is offered as a component of Data Theorem’s API Discover and API Inspect, which together address security concerns such as Shadow APIs, Serverless Applications, and API Gateway cross-check validation by conducting continuous security assessments on API authentication, authorization, encryption, availability, serverless functions, and policy compliance. The API security solutions support Amazon Web Services, Google Cloud, and Microsoft Azure to discover modern APIs and to enumerate the specification using standards such as Swagger and Open API 3.0.

Pricing and Availability

Available today from Data Theorem, annual list price starts at $9,900 per SPA licensed as a component of API Discover and API Inspect. For more information, contact us at: .

Media Contact

Dan 960-9297

About Data Theorem

Data Theorem is a leading provider of modern application security, helping customers prevent AppSec data breaches. Its products focus on API security, cloud (serverless apps, CSPM, CWPP, CNAPP), mobile apps (iOS and Android), and web apps (single-page apps). Its core mission is to analyze and secure any modern application anytime, anywhere. The award-winning Data Theorem Analyzer Engine continuously analyzes APIs, Web, Mobile, and Cloud applications in search of security flaws and data privacy gaps. The company has detected more than 5 billion application incidents and currently secures more than 25,000 modern applications for its enterprise customers around the world.