Utilizing Dynamic Analysis for Web Application Penetration Testing
Date
2024
Authors
Píš, Patrik
Lazarov, Willi
Publisher
Vysoké učení technické v Brně, Fakulta elektrotechniky a komunikačních technologií
Abstract
This paper presents the design and implementation of a new modular tool, called PtWebDA, for dynamic analysis of web applications as one of the techniques used in penetration testing. Compared to other available tools and their limitations, our solution enables efficient rate limiting while also allowing testing of HTTP headers, cookie attributes, and content security policy directives. To verify its effectiveness in supporting manual web application penetration testing, we performed experimental testing in a controlled environment. The results of testing the presented tool PtWebDA are discussed in detail and highlight the key contributions of our solution.
Citation
Proceedings II of the 30th Conference STUDENT EEICT 2024: Selected papers. pp. 92-95. ISBN 978-80-214-6230-4
https://www.eeict.cz/eeict_download/archiv/sborniky/EEICT_2024_sbornik_2.pdf
Document type
Peer-reviewed
Document version
Published version
Language of document
en
Document licence
© Vysoké učení technické v Brně, Fakulta elektrotechniky a komunikačních technologií