Hey there! for full disclaimer I'm the dude who wrote the NeuraLegion scanner so keep that in mind, having said that our DAST is one of the most capable working against SPA\Dynamic Apps. there are a few reasons for that:
- We wrote a full webdriver engine, we use this to crawl and interact with the target allowing us to do anything from capturing all of the JS events and triggering them while also mapping the APIs in use.
- We have a unique tech built around what we call "Interaction Chains", in modern apps most of what you got in the browser is a full client side application, most of the actions you make happen only in the browser context without sending requests to the server, this means that to map the application correctly you need to interact with it fully. think something like clicking on the drop down menu, choosing an option, filling in the popup form etc.. our interaction chains map those use cases automatically allowing us to "touch everything" on the app.
- Parsing of data - Crawling is just one step, understanding what you see is the next part before attacking. we have tech built around universal parsing of data, not just "id=1" and saying ok this is a parameter, but actually to parse multiple levels on the fly of everything from JSON to GraphQL and pure binary files (break png and change the data for upload attacks).
- Other then those we have a very neat way of digesting a HAR\OpenAPI\Swagger\Postman files to allow you to test API endpoints directly without the need for crawling.
Those are just the tech highlights and I'm trying to avoid sales talk so, you can just try it out, it's free :)
NeuraLegion does AST (DAST/Fizzer) using machine learning and offensive approach.
If you want to learn a bit more about the company https://www.neuralegion.com
There are multiple companies using it in production: https://github.com/crystal-lang/crystal/wiki/Used-in-product... other then that it is used across multiple projects in github, for anything from webapps, machine-learning, cyber-security, and data analysis
Getting acceptance was much easier than I expected. We used coffee-script a lot before which has a bit of an overlap with Ruby/Crystal, which helped.
We've since moved to using typescript on the front-end and crystal on the back end and both type systems have a lot of similarities. They both also help catch many more errors earlier which gives us a lot more confidence in our code and simplifies the scope of tests which are needed. You can get to a point with a javascript application when you feel you'll create a new bug just by looking at the wrong way.
Crystal as a languages feels really cool. It's very low on boiler plate, which makes it really easy to read and doesn't take a lot of explaining. It takes the best bits of Ruby, so has a easy to follow logic which allows you to understand how everything hangs together. There is also very easy to get hypnotised by the 3ms response times when you're running it locally.
I'd say the only down points at the moment is the size of the community. The lack of 3rd party libraries and inability to 'google for a solution' could be an issue. However crystal's community makes up for in energy what it lacks in size, the gitter room is very active - https://gitter.im/crystal-lang/crystal
Web dev is not the most complex of programming tasks and our team is small, so your mileage may vary, but so far so good.
