Abstract
With the advent of innovative Web 2.0 technologies, web applications play an important role on the modern-day Internet by delivering rich services ranging from web-based e-mail and social networking to on-line banking and e-commerce, as well as a plethora of other functionalities. However, because of the ever-increasing reliance on them, their growing complexity, and their susceptibility to poor coding practices, these web applications face a relentless threat from attackers. To remediate this threat, web application programmers generally turn to black-box scanners (tools which examine the security of web applications from a user's perspective). However, these tools are far from perfect. In this thesis, we analyze the shortcomings of modern black-box scanners (such as crawling limitations and deficiencies in detecting certain vulnerabilities) and explore methods which address these imperfections. In doing so, we propose methods which add a modern twist to web application crawling, explore new ways to detect blind SQL injection vulnerabilities, and shed light on an advanced exploitation technique for blind SQL injection.