Using Wappalyzer to see the technologies behind your web app

Document created by Dave Ferguson Employee on Aug 28, 2017Last modified by Dave Ferguson Employee on Aug 28, 2017
Version 3Show Document
  • View in full screen mode

Qualys WAS users who are security professionals often seem to struggle when asked what frameworks their web apps are built on.  Not surprising, because it's easy to get confused among the vast array of technologies that make up today's web development landscape.  Not only are there are different types of web servers and application servers, you also have to deal with different development platforms, programming languages, client-side JavaScript frameworks, authentication protocols, different CMSs and CDNs, advertising networks, analytics engines, and so on.


To know what technologies your web apps are using, I recommend using the Wappalyzer browser extension.  It is available for both Chrome and Firefox.  Once installed, you will see the following icon in your browser's toolbar:  Wappalyzer icon


Click it and you'll see a categorized listing of different types of technologies used by the website currently loaded in your browser.   Here is an example:


Wappalyzer example


As a dynamic scanning product, Qualys WAS needs to be able to handle many different types of web technologies.  In fact the SmartScan feature within WAS was introduced last year to provide better crawling and coverage of apps that use modern JavaScript frameworks such as AngularJS, Bootstrap, and ReactJS.  You may find this extension comes in handy when troubleshooting your WAS scans, working with Qualys Support, or other times when you least expect it.

3 people found this helpful