I am new to Application Security. I was provided with Rapid7 Appsec to scan dynamic vulnerabilities in my web based product.
Since Appsec crawls to different URLs to identify vulnerabilities, it isn't able to scan my product completely since all of the communication is done over web sockets (we have in house bus via which all API calls take place) and hence we don't have different URLs that it can crawl.
I might be using a wrong tool to do this, kindly suggest a tool which can scan vulnerabilities in product having web socket communication.
FYI, I am using Sonar for static code vulnerabilities, Black Buck for dependency vulnerability and am looking for a tool for scanning Dynamic Vulnerabilities.
(Kindly correct me if I have put this in a wrong way, since I am unaware of much technicalities in the security domain)
