Open AccessWAPTT - Web Application Penetration Testing Tool
Author(s) -
Zoran Đurić
Publication year - 2014
Publication title -
advances in electrical and computer engineering
Language(s) - English
Resource type - Journals
SCImago Journal Rank - 0.254
H-Index - 23
eISSN - 1844-7600
pISSN - 1582-7445
DOI - 10.4316/aece.2014.01015
Subject(s) - computer science , computer security , penetration (warfare) , web application security , web application , secure coding , world wide web , web service , web development , information security , engineering , software security assurance , operations research , security service
Web applications vulnerabilities allow attackers to perform malicious actions that range from gaining unauthorized account access to obtaining sensitive data. The number of reported web application vulnerabilities in last decade is increasing dramatically. The most of vulnerabilities result from improper input validation and sanitization. The most important of these vulnerabilities based on improper input validation and sanitization are: SQL injection (SQLI), Cross-Site Scripting (XSS) and Buffer Overflow (BOF). In order to address these vulnerabilities we designed and developed the WAPTT (Web Application Penetration Testing Tool) tool - web application penetration testing tool. Unlike other web application penetration testing tools, this tool is modular, and can be easily extended by end-user. In order to improve efficiency of SQLI vulnerability detection, WAPTT uses an efficient algorithm for page similarity detection. The proposed tool showed promising results as compared to six well-known web application scanners in detecting various web application vulnerabilities