Yet Another Web Application Testing Toolkit (Yawatt) presented at HITBSecConf Malaysia 2006

by Fyodor Yarochkin,

Tags: Security Web Testing

Summary: Fyodor and Meder will present the results of their research in the area of automated web application security testing. YAWATT was created because existing automated web application security testing approaches are extremely limited and practically unable to identify application security problems beyond typical coding errors (i.e. SQL injection, XSS and CRLF injection bugs).

The purpose of YAWATT is to provide security analysts with a flexible, modular framework based on a meta-language that is used to describe web application testing scenarios, and that aims to assist in the discovery of both coding errors and application “logic” vulnerabilities. Due to its modular design, application testers are provided with granular control over the whole testing process, and the ability to modify the execution scenario, submit additional application data and/or re-execute the testing process using new “knowledge” obtained during a previous execution.

About Fyodor

Fyodor Yarochkin is a security hobbyist and happy programmer with a few years spent in business objectives and the “security” service delivery field. These years, however, weren’t completely wasted - Fyodor has been contributing his spare time to a few open and closed source projects that attracted limited use among non-business oriented computer society. He has a background in system administration and programming and holds an Engineering degree in Software Engineering.

Note: Fyodor is not ‘nmap Fyodor’. (http://www.snort.org/docs/faq.html#1.2)