Original title: Utilizing Dynamic Analysis for Web Application Penetration Testing
Authors: Píš, Patrik ; Lazarov, Willi
Document type: Papers
Language: eng
Publisher: Vysoké učení technické v Brně, Fakulta elektrotechniky a komunikačních technologií
Abstract: This paper presents the design and implementation of a new modular tool, called PtWebDA, for dynamic analysis of web applications as one of the techniques used in penetration testing. Compared to other available tools and their limitations, our solution enables efficient rate limiting while also allowing testing of HTTP headers, cookie attributes, and content security policy directives. To verify its effectiveness in supporting manual web application penetration testing, we performed experimental testing in a controlled environment. The results of testing the presented tool PtWebDA are discussed in detail and highlight the key contributions of our solution.
Keywords: cookies; CSP directives; cybersecurity; dynamic analysis; HTTP headers; penetration testing; rate limiting
Host item entry: Proceedings II of the 30th Conference STUDENT EEICT 2024: Selected papers, ISBN 978-80-214-6230-4, ISSN 2788-1334

Institution: Brno University of Technology
Document availability information: Fulltext is available in the Brno University of Technology Digital Library.
Original record: https://hdl.handle.net/11012/249290

Permalink: http://www.nusl.cz/ntk/nusl-622485


The record appears in these collections:
Universities and colleges > Public universities > Brno University of Technology
Conference materials > Papers
 Record created 2024-07-21, last modified 2024-07-21


No fulltext