SCWAD: Automated Pentesting of Web Applications

Natan Talon, Valérie Tong, Gilles Guette, Yufei Han, Youssef Laarouchi

2024

Abstract

A wide array of techniques and tools can be employed for web application security assessment. Some methods, such as fuzzers and scanners, are partially or fully automated, offering speed and cost-effectiveness. However, these tools often fall short in detecting specific vulnerabilities like broken access control and are prone to generating false positives. On the other hand, manual processes like penetration testing, though more time-consuming and necessitating expertise, provide a more comprehensive risk assessment. To overcome the limitations of automated tools, these techniques are frequently combined. Fuzzers and scanners, despite their ease of use and quick results, require the expertise of penetration testing experts to address their limitations. By integrating these approaches, a more robust and nuanced security assessment can be achieved. This article presents SCWAD, an automated and customizable penetration testing framework designed to assess vulnerabilities in web applications.

Paper Citation


in Harvard Style

Talon N., Tong V., Guette G., Han Y. and Laarouchi Y. (2024). SCWAD: Automated Pentesting of Web Applications. In Proceedings of the 21st International Conference on Security and Cryptography - Volume 1: SECRYPT; ISBN 978-989-758-709-2, SciTePress, pages 424-433. DOI: 10.5220/0012721000003767


in Bibtex Style

@conference{secrypt24,
author={Natan Talon and Valérie Tong and Gilles Guette and Yufei Han and Youssef Laarouchi},
title={SCWAD: Automated Pentesting of Web Applications},
booktitle={Proceedings of the 21st International Conference on Security and Cryptography - Volume 1: SECRYPT},
year={2024},
pages={424-433},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0012721000003767},
isbn={978-989-758-709-2},
}


in EndNote Style

TY - CONF

JO - Proceedings of the 21st International Conference on Security and Cryptography - Volume 1: SECRYPT
TI - SCWAD: Automated Pentesting of Web Applications
SN - 978-989-758-709-2
AU - Talon N.
AU - Tong V.
AU - Guette G.
AU - Han Y.
AU - Laarouchi Y.
PY - 2024
SP - 424
EP - 433
DO - 10.5220/0012721000003767
PB - SciTePress