So, let's look at some of the key things we need to think about when testing these modern web applications.
2. RESTful APIs (back-end). – Today's modern applications are powered by complex back-end APIs. Most organizations are currently testing RESTful API's manually or not testing them at all. Your dynamic application security solutions should be able to automatically discover and test a RESTful API while crawling both AJAX applications and SPA. Because APIs are proliferating so rapidly, they take a long time test. Ensuring your dynamic application security solutions should enable your expert pen testers to focus on the problems that can't be automated, like Business Logic testing.
3. Interconnected applications. - As security experts, it's imperative that we understand today's interconnected world. We are seeing interconnected applications at work and at home. For example, The Yahoo homepage shows news from many sites and includes your Twitter feed. Amazon is offering up products from eBay. We are used to thinking about testing an individual application, but now we must go beyond that. Many applications have created open APIs so that other applications can connect to it, or are consuming API's of 3rd party applications. These applications are becoming increasingly interconnected and interdependent. Your DAST solution should help you address this interconnectivity by testing the API's that power them.