Abstract
WASAT (Web Authentication Security Analysis Tool) is an intuitive and complete application designed for the assessment of the security of different web related authentication schemes, namely Basic Authentication and Forms-Based Authentication. WASAT is able to mount dictionary and brute force attacks of variable complexity against the target web site. Password files incorporate a syntax to generate different password search spaces. An important feature of this tool is that low-signature attacks can be performed in order to avoid detection by anti-brute-force mechanisms. This tool is platform-independent and multithreading too, allowing the user to take control of the program speed. WASAT provides some features not included in many of the existing similar applications and hardly any of their drawbacks, making this tool an excellent one for security analysis.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Bojinov, H., Bursztein, E., Lovett, E., Boneh, D.: Embedded Management Interfaces: Emerging Massive Insecurity. In: Black Hat Technical Security Conference, Las Vegas, NV, USA (2009)
Berners-Lee, T., Fielding, R., Frystyk, H.: Hypertext Transfer Protocol – HTTP/1.0. (1996), http://www.ietf.org/rfc/rfc1945.txt
Crowbar: Generic Web Brute Force Tool (2006), http://www.sensepost.com/research/crowbar/
Hobbie: Brutus (2001), http://www.hoobie.net/index.html
Sentinel: Caecus. OCR Form Bruteforcer (2003), http://sentinel.securibox.net/Caecus.php
Hauser, V.: THC-Hydra (2008), http://freeworld.thc.org/thc-hydra/
Edge-Security: WebSlayer (2008), http://www.edge-security.com/webslayer.php
Carnegie Mellon University: CAPTCHA: Telling Humans and Computers Apart Automatically (2009), http://www.captcha.net/
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2010 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Torrano-Gimenez, C., Perez-Villegas, A., Alvarez, G. (2010). WASAT- A New Web Authorization Security Analysis Tool. In: Serrão, C., Aguilera Díaz, V., Cerullo, F. (eds) Web Application Security. IBWAS 2009. Communications in Computer and Information Science, vol 72. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-16120-9_15
Download citation
DOI: https://doi.org/10.1007/978-3-642-16120-9_15
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-16119-3
Online ISBN: 978-3-642-16120-9
eBook Packages: Computer ScienceComputer Science (R0)