Abstract
Usually organizations deploy web applications into the production environment with vulnerabilities. To avoid it, organizations need to run a web application vulnerability assessment. The most prevalent kind of vulnerability assessment is when the tester uses a vulnerability scanner. This assessment can be divided into two phases: crawling and testing. The purpose of the first phase is to gather all the access points of the application. In the second phase the tester sends some malformed values to the application, and then analyze the response looking for known vulnerability patterns. The crawling phase is critical because if the tester cannot reach the applications content, he or she couldn't test that content to find vulnerabilities. One of the main challenges of crawling web applications are to fill out web forms with correct values. To face this challenge, web vulnerability scanners used to include a generic list of field value pairs. These scanners also let the tester to add new pairs. This paper presents a novel method for searching candidate web form field values. The challenge is to map more applications content than using the field value pairs included by default. Our method will try to get form fields values executing the client side code and looking for candidate values in an external data source.We have test the proposed method and the experiments show that it can improve the crawling phase of dynamic vulnerability assessment.
Sign-in/Register to access full text options 
Free) 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a call
