WAPTT - Web Application Penetration Testing Tool

Cited by: 3
Authors
Duric, Zoran [1]
Affiliations
[1] Univ Banja Luka, Fac Elect Engn, Banja Luka 78000, Bosnia & Herceg
Keywords
databases; security; vulnerabilities; web sites; web applications
DOI
10.4316/AECE.2014.01015
Chinese Library Classification number
TP18 [Artificial intelligence theory]
Discipline classification codes
081104; 0812; 0835; 1405
Abstract
Web application vulnerabilities allow attackers to perform malicious actions that range from gaining unauthorized account access to obtaining sensitive data. The number of reported web application vulnerabilities has been increasing dramatically in the last decade. Most vulnerabilities result from improper input validation and sanitization. The most important of these vulnerabilities based on improper input validation and sanitization are SQL injection (SQLI), Cross-Site Scripting (XSS) and Buffer Overflow (BOF). In order to address these vulnerabilities, we designed and developed WAPTT (Web Application Penetration Testing Tool), a web application penetration testing tool. Unlike other web application penetration testing tools, this tool is modular and can be easily extended by the end user. In order to improve the efficiency of SQLI vulnerability detection, WAPTT uses an efficient algorithm for page similarity detection. The proposed tool showed promising results as compared to six well-known web application scanners in detecting various web application vulnerabilities.
Pages: 93 - 102
Number of pages: 10
Related papers
50 in total
  • [31] WebSob: A tool for robustness testing of web services
    Martin, Evan
    Basu, Suranjana
    Xie, Tao
    29TH INTERNATIONAL CONFERENCE ON SOFTWARE ENGINEERING: ICSE 2007 COMPANION VOLUME, PROCEEDINGS, 2007, : 65 - +
  • [32] A Fuzzy Classifier-Based Penetration Testing for Web Applications
    Alhassan, J. K.
    Misra, Sanjay
    Umar, A.
    Maskeliunas, Rytis
    Damasevicius, Robertas
    Adewumi, Adewole
    PROCEEDINGS OF THE INTERNATIONAL CONFERENCE ON INFORMATION TECHNOLOGY & SYSTEMS (ICITS 2018), 2018, 721 : 95 - 104
  • [33] Testing a Web Application Involving Web Browser Interaction
    Zhu, Bin
    Miao, Huaikou
    Cai, Lizhi
    SNPD 2009: 10TH ACIS INTERNATIONAL CONFERENCE ON SOFTWARE ENGINEERING, ARTIFICIAL INTELLIGENCES, NETWORKING AND PARALLEL DISTRIBUTED COMPUTING, PROCEEDINGS, 2009, : 589 - 594
  • [34] USABILITY TESTING OF A WEB-BASED APPLICATION FOR CAREGIVERS OF PEOPLE WITH DEMENTIA: THE WECARE ADVISOR TOOL
    Marx, K. A.
    Werner, N. E.
    Kales, H.
    Turnwald, M.
    Stanislawski, B.
    Gitlin, L. N.
    GERONTOLOGIST, 2015, 55 : 597 - 597
  • [35] Penetration Testing: Dumping Data from Web Application Using SQL Injection Attack (Case Study: eArsip)
    Djajadi, Arko
    Sutisna, Nanang
    INTERNETWORKING INDONESIA, 2021, 13 (01): : 3 - 9
  • [36] WEB APPLICATION FOR CAT TESTING OF STUDENTS
    Andelic, Svetlana
    Kuleto, Valentin
    2013 21ST TELECOMMUNICATIONS FORUM (TELFOR), 2013, : 861 - 864
  • [37] Web Application Automatic Testing Solution
    Xiao Dawei
    Jiang Liqiu
    Xu Xinpeng
    Wang Yuhang
    2016 3RD INTERNATIONAL CONFERENCE ON INFORMATION SCIENCE AND CONTROL ENGINEERING (ICISCE), 2016, : 1183 - 1187
  • [38] Web application testing beyond tactics
    Nguyen, HQ
    WSE 2004: SIXTH IEEE INTERNATIONAL WORKSHOP ON WEB SITE EVOLUTION, PROCEEDINGS, 2004, : 83 - 83
  • [39] Going faster: Testing the Web application
    Hieatt, E
    Mee, R
    IEEE SOFTWARE, 2002, 19 (02) : 60 - +
  • [40] Study on Beta Testing of Web Application
    Zhu Zemin
    2010 2ND INTERNATIONAL CONFERENCE ON COMPUTER AND AUTOMATION ENGINEERING (ICCAE 2010), VOL 1, 2010, : 423 - 426