Publication detail
PÍŠ, P.; LAZAROV, W.
Original Title
Utilizing Dynamic Analysis for Web Application Penetration Testing
Type
conference paper
Language
English
Original Abstract
This paper presents the design and implementation of a new modular tool, called PtWebDA, for dynamic analysis of web applications as one of the techniques used in penetration testing. Compared to other available tools and their limitations, our solution enables efficient rate limiting while also allowing testing of HTTP headers, cookie attributes, and content security policy directives. To verify its effectiveness in supporting manual web application penetration testing, we performed experimental testing in a controlled environment. The results of testing the presented tool PtWebDA are discussed in detail and highlight the key contributions of our solution.
Keywords
cybersecurity; dynamic analysis; penetration testing; rate limiting; cookies; CSP directives; HTTP headers
Authors
PÍŠ, P.; LAZAROV, W.
Released
23. 4. 2024
Publisher
Brno University of Technology, Faculty of Electrical Engineering and Communication
Location
Brno
ISBN
978-80-214-6230-4
Book
Proceedings II of the 30th Conference STUDENT EEICT 2024
Edition
1
Pages from
92
Pages to
95
Pages count
4
URL
https://dx.doi.org/10.13164/eeict.2024.92
BibTex
@inproceedings{BUT188870,
  author="Patrik {Píš} and Willi {Lazarov}",
  title="Utilizing Dynamic Analysis for Web Application Penetration Testing",
  booktitle="Proceedings II of the 30th Conference STUDENT EEICT 2024",
  year="2024",
  series="1",
  pages="92--95",
  publisher="Brno University of Technology, Faculty of Electrical Engineering and Communication",
  address="Brno",
  doi="10.13164/eeict.2024.92",
  isbn="978-80-214-6230-4",
  url="https://dx.doi.org/10.13164/eeict.2024.92"
}