Helping Johnny pentest

Abstract

With the advent of innovative Web 2.0 technologies, web applications play an important role on the modern-day Internet by delivering rich services such as web-based e-mail to social networking, on-line banking to e-commerce, as well as a plethora of other functionalities. However, due to their ever-increasing reliance and complexity, as well as their susceptibility to poor coding practices, these web applications often face a relentless threat from attackers. To remediate this threat, web application programmers generally turn to black-box scanners (tools which examine the security of web applications from a user’s perspective). However, these tools are far from perfect. In this thesis, we analyze the shortcomings of modern black-box scanners (such as crawling-limitations and deficiencies related to detecting certain vulnerabilities) and explore methods which improve their imperfections. In doing so, we propose methods which adds a modern twist on web application crawling, explore new ways to detect blind-SQL injection vulnerabilities, as well as give light to an advanced exploitation technique for blind-SQL injection.