Yet Another Web Application Testing Toolkit presented at SyScan 2006

by Fyodor Yarochkin and Meder Kydyraliev

Tags: Security Web Testing

Summary: Fyodor and Meder will present the results of their research in the area of automated web application
security testing. YAWATT was created because existing automated web application security testing approaches
are extremely limited and practically unable to identify application security problems beyond typical coding
errors (i.e. SQL injection, XSS and CRLF injection bugs). The purpose of YAWATT is to provide security analysts
with a flexible, modular framework based on a meta-language that is used to describe web application testing
scenarios, and that aims to assist in the discovery of both coding errors and application "logic" vulnerabilities.
Thanks to the modular design, application testers get granular control over the whole testing process, with the
ability to modify the execution scenario, submit additional application data and/or re-execute the testing
process using new "knowledge" obtained during a previous execution.