
Robert Feeney



Title: Web Application Vulnerability Scanners – An Introduction & Discussion on their limitations

Web Application Vulnerability Scanners are becoming increasingly automated and are facing more difficulties as web technologies change and evolve.

As is evident from the October 2015 “TalkTalk hack”, where a 16-year-old boy performed an easily exploitable SQL Injection attack which resulted in TalkTalk losing £60 million and where 157,000 customers had their details stolen, the effects of having insecure web applications can be utterly disastrous.

Web Application Scanning tools are used by Penetration Testers and Security folk alike in order to help identify vulnerabilities in a given web app. They come in many different forms and some cost a significant sum.

Scanners attempt to identify dangerous vulnerabilities such as Cross-Site Scripting (XSS) and SQL Injection, among many others. These tools must be constantly improved and enhanced to keep up not only with the latest malicious attacker techniques but also with contemporary development frameworks.

For example, architectural changes and improvements such as anti-CSRF tokens, recursive links and URLs generated dynamically by JavaScript have a massive impact on a scanner's ability to effectively identify, crawl, scan and analyse a target web application for vulnerabilities.
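The crawl-coverage problem described above, as an added example that is not part of the talk: a static link-following crawler run over a constructed in-memory site. The site, its paths and the names `fetch`, `LinkParser` and `crawl` are assumptions made for illustration. Without a cap on query-string variants the recursive calendar link consumes the whole page budget, the URL built in JavaScript is never discovered, and the form carrying an anti-CSRF token is flagged so that requests to it are not replayed blindly.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed in-memory site (an assumption, not from the talk): URL -> HTML.
def fetch(url):
    parts = urlsplit(url)
    if parts.path == "/":
        return ('<a href="/calendar?day=1">cal</a>'
                '<form action="/transfer" method="post">'
                '<input type="hidden" name="csrf_token" value="r4nd0m"></form>'
                '<script>var u = "/api/" + "orders"; fetch(u);</script>')
    if parts.path == "/calendar":  # recursive link: every page links to the next
        day = int(parts.query.split("=")[1])
        return f'<a href="/calendar?day={day + 1}">next</a>'
    return ""

class LinkParser(HTMLParser):
    """Collects <a href> targets and the actions of forms with a CSRF-like hidden field."""
    def __init__(self):
        super().__init__()
        self.links, self.token_forms, self._form = [], [], None

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "a" and "href" in a:
            self.links.append(a["href"])
        elif tag == "form":
            self._form = a.get("action", "")
        elif (tag == "input" and a.get("type") == "hidden"
              and "csrf" in (a.get("name") or "").lower()):
            self.token_forms.append(self._form)

def crawl(start, max_variants=3, max_pages=1000):
    """Static crawl that caps query-string variants per path to escape recursive links."""
    seen, queue, per_path, token_forms = set(), [start], {}, set()
    while queue and len(seen) < max_pages:
        url = queue.pop(0)
        path = urlsplit(url).path
        if url in seen or per_path.get(path, 0) >= max_variants:
            continue
        seen.add(url)
        per_path[path] = per_path.get(path, 0) + 1
        parser = LinkParser()
        parser.feed(fetch(url))
        token_forms.update(parser.token_forms)
        queue.extend(parser.links)
    return seen, token_forms
```

Finding `/api/orders` would require executing or analysing the script, which a purely static parser like this one does not do.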

This presentation details how useful Web Application Vulnerability Scanners (WAVS) can be in helping an organisation develop its appsec program, and attempts to highlight the problems that current web application scanners face in dealing with both traditional and contemporary web architectures and technologies. It suggests improvements and identifies the pitfalls of using automation without applying intelligence and a contextual view of the target being assessed.