Yes. Rational AppScan Standard can be configured to explore and test an AJAX based web application.
However, Manual Explore is recommended to explore URLs that are generated by AJAX.
After exploring those URLs you can continue to explore the rest of the URLs using an Automatic Explore.
Since AJAX itself is the technology that runs on the client side, all of the testing techniques (such as SQL Injection, XSS, Buffer Overflows) are still relevant.
The following occurs in this background of the testing phase:
- The AJAX code tries to fire HTTP requests
- HTTP Requests are fired in the background (asynchronous requests)
- AppScan fetches the requests
- AppScan runs tests (XSS, SQL Injection, etc.) on the fetched requests