Press release

Data Theorem Launches Automated Discovery and Continuous Dynamic Runtime Vulnerability Inspection to Protect Single-Page Applications

Sponsored by Businesswire

Data Theorem, Inc., a leading provider of modern application security, today introduced a new SPA security service that delivers automated discovery and continuous dynamic runtime vulnerability inspection of modern web single-page applications (SPAs). Purpose-built for SPAs, the new service is differentiated in its runtime security analysis that supports both GraphQL and REST API services, the popular services for SPAs that dynamically deliver a faster and richer web user experience.

This press release features multimedia. View the full release here:

Data Theorem delivers dynamic analysis of an SPA discovered by scanning certificate transparency logs to automatically detect and validate the security of its backend APIs. (Graphic: Business Wire)

Data Theorem delivers dynamic analysis of an SPA discovered by scanning certificate transparency logs to automatically detect and validate the security of its backend APIs. (Graphic: Business Wire)

With DevOps teams rapidly building web SPAs, security and IT teams using traditional web app scanners lack the ability to gather application insights and inspect for security vulnerabilities on these new modern web apps. Now with this new offering from Data Theorem, for the first time users can fully discover and inspect vulnerabilities with dynamic runtime analysis for both GraphQL and REST API services.

“SPA security is the new frontier for modern web application security, and like mobile it is tightly coupled to the explosion and growth of GraphQL and API backend services,” said Doug Cahill, senior analyst and group practice director of cybersecurity for ESG. “To best protect these services from attack, organizations need a solution that delivers both continuous security vulnerability inspection and runtime analysis that supports both GraphQL and REST API services.”

Businesses today delivering modern web applications build SPAs to deliver a richer and faster user experience that is similar to what they deliver with their mobile apps. Similar to mobile app protection, traditional web app scanners lack the ability to add security insights to SPAs because of the dynamic nature of the SPA JavaScript architecture. In addition, GraphQL adds a new attack surface due to the enhanced flexibility it provides, making it difficult to protect against malicious queries. These attack queries could lead to denial of service attacks, or unauthorized access to private data.

“Growth of SPA deployment and usage increases every year because organizations want their web experience to be as good as their mobile app experience,” said Doug Dooley, Data Theorem COO. “But security tools have not kept up with this modern software development trend. With our first web app security offering launching today, Data Theorem is leaping ahead of the competitive landscape to now serve users’ complex security needs beyond API and mobile. We were already leading in runtime analysis for mobile apps, and now we offer similar depth of runtime analysis to protect these popular SPAs.”

Today’s SPA security solution is offered as a component of Data Theorem’s API Discover and API Inspect, which together address security concerns such as Shadow APIs, Serverless Applications, and API Gateway cross-check validation by conducting continuous security assessments on API authentication, authorization, encryption, availability, serverless functions, and policy compliance. The API security solutions support Amazon Web Services, Google Cloud, and Microsoft Azure to discover modern APIs and to enumerate the specification using standards such as Swagger and Open API 3.0.

Pricing and Availability

Available today from Data Theorem, annual list price starts at $9,900 per SPA licensed as a component of API Discover and API Inspect. For more information, contact us at:

About Data Theorem

Data Theorem is a leading provider of modern application security. Its core mission is to analyze and secure any modern application anytime, anywhere. The Data Theorem Analyzer Engine continuously scans APIs and mobile applications in search of security flaws and data privacy gaps. Data Theorem products help organizations build safer applications that maximize data security and brand protection. The company has detected more than 300 million application eavesdropping incidents and currently secures more than 4,000 modern applications for its enterprise customers around the world. Data Theorem is headquartered in Palo Alto, Calif.; with offices in New York; Paris; and Bangalore, India. For more information visit

Data Theorem and TrustKit are trademarks of Data Theorem, Inc. All other trademarks are the property of their respective owners.