Helping Johnny pentest
Abstract
With the advent of innovative Web 2.0 technologies, web applications play an important role
on the modern-day Internet, delivering rich services ranging from web-based e-mail and social
networking to on-line banking and e-commerce, as well as a plethora of other functionality.
However, due to the ever-increasing reliance placed on them, their growing complexity, and their
susceptibility to poor coding practices, these web applications face a relentless threat from attackers.
To mitigate this threat, web application programmers generally turn to black-box scanners
(tools which examine the security of a web application from an external user's perspective, without
access to its source code). However, these tools are far from perfect. In this thesis, we analyze the
shortcomings of modern black-box scanners (such as crawling limitations and deficiencies in detecting
certain vulnerabilities) and explore methods which address these imperfections. In doing so, we
propose methods which add a modern twist to web application crawling, explore new ways
to detect blind SQL injection vulnerabilities, and shed light on an advanced exploitation
technique for blind SQL injection.