Yes. AppScan Standard can be configured to explore and test an AJAX based web application.
However, Manual Explore may need to be used to explore some URLs that are generated by AJAX. After exploring those URLs you can continue to explore the rest of the URLs using an Automatic Explore.
Since AJAX itself is the technology that runs on the client side, all of the testing techniques (such as SQL Injection, XSS, Buffer Overflows) are still relevant. The following occurs in this background of the testing phase:
- The AJAX code tries to fire HTTP requests
- HTTP Requests are fired in the background (asynchronous requests)
- AppScan fetches the requests
- AppScan runs tests (XSS, SQL Injection, etc.) on the fetched requests