INFORMATION SECURITY

Automated Web Application Scanning with Wapiti, Selenium, and SQLMap

  • 1 National Military University “Vasil Levski”, Bulgaria

Abstract

The security of web applications has become a crucial aspect of protecting users’ data and personal information. The potential for vulnerabilities in web applications to result in data theft, loss of trust in service providers, and significant financial loss underscores the importance of robust automated web application scans. This research paper examines the use of tools such as Wapiti, Selenium, and SQLMap for automated web application testing. The primary objective is to assess the efficacy of automated scanning for a specific web application and to establish a benchmark for evaluating the results. The scope of the analysis encompasses the various security aspects covered by these tools and assesses their effectiveness and accuracy in detecting vulnerabilities.
