
Security testing of web applications with specialised payloads


Abstract

A method and system for security testing of web applications comprises: submitting 304 a test to a web application, where the test has a payload with a (possibly empty) set of constraints or variables. It further comprises receiving 305 a response from the web application, deriving 308 at least one constraint from the response, using the derived constraints to update the previous set of constraints, and synthesizing 310 a new payload. The test is then repeated 304 by submitting the new payload, and the method iterates until a security vulnerability is discovered 307 or no new payload can be constructed that satisfies all the constraints determined so far and, optionally, the grammar of the computer language used. The method may be used to check for input or script that is not sanitised by the web application and could therefore be used in a cross-site scripting (XSS) attack. The constraints may be regarded as tokens, and tokens may be replaced with new tokens when generating the new payload.
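The submit / observe / derive-constraints / synthesize loop described in the abstract, as an added illustration that is not part of the patent text. The two mock applications (`blacklist_app`, `escaping_app`), the token grammar and the probe marker are all constructed for this example; the numbered steps in the comments refer to the reference numerals in the abstract. Only benign formatting tags are used so the example shows the algorithm's behaviour, not any particular payload: against a sanitiser that removes a few known tag names the search derives one forbidden token per round and soon finds markup that is reflected unchanged, while against a sanitiser that escapes every metacharacter the first response already forbids the fixed tokens and the search terminates because no payload satisfies all constraints.

```python
import html
import re

# Payload grammar (constructed): each slot lists the tokens it may be filled
# with; TEMPLATE names which slot fills each position of the payload.
GRAMMAR = {
    "open": ["<"],
    "tag": ["b", "i", "em", "strong"],
    "gt": [">"],
    "text": ["zz"],        # probe marker, chosen so it contains no tag letter
    "close": ["</"],
}
TEMPLATE = ["open", "tag", "gt", "text", "close", "tag", "gt"]


def synthesize(constraints):
    """Step 310: build a token sequence that avoids every forbidden token.
    The same slot name is filled consistently, so the opening and closing
    tag match. Returns None when some slot has no remaining alternative."""
    chosen = {}
    for slot in TEMPLATE:
        if slot in chosen:
            continue
        allowed = [tok for tok in GRAMMAR[slot] if tok not in constraints]
        if not allowed:
            return None
        chosen[slot] = allowed[0]
    return [chosen[slot] for slot in TEMPLATE]


def derive_constraints(tokens, response):
    """Step 308: a token that no longer appears, in order, in the response
    was altered or removed by the application and is treated as forbidden."""
    forbidden = set()
    pos = 0
    for tok in tokens:
        idx = response.find(tok, pos)
        if idx < 0:
            forbidden.add(tok)
        else:
            pos = idx + len(tok)
    return forbidden


def blacklist_app(user_input):
    """Mock application (constructed): strips only the tag names it knows."""
    return re.sub(r"<(/?)(b|i)>", r"<\1>", user_input)


def escaping_app(user_input):
    """Mock application (constructed): escapes every HTML metacharacter."""
    return html.escape(user_input)


def run_test(app, max_iterations=20):
    """Iterate steps 304-310 until markup is reflected unsanitised (307)
    or no payload can be built under the accumulated constraints."""
    constraints = set()
    tried = []
    for _ in range(max_iterations):
        tokens = synthesize(constraints)
        if tokens is None:
            return {"status": "exhausted", "constraints": constraints, "tried": tried}
        payload = "".join(tokens)
        tried.append(payload)
        response = app(payload)            # steps 304 and 305
        if payload in response:            # step 307: reflected verbatim
            return {"status": "vulnerable", "payload": payload, "tried": tried}
        constraints |= derive_constraints(tokens, response)
    return {"status": "gave_up", "constraints": constraints, "tried": tried}


if __name__ == "__main__":
    for app in (blacklist_app, escaping_app):
        print(app.__name__, run_test(app))
```

Against `blacklist_app` the loop needs three rounds (`b` and `i` become forbidden tokens, `em` is reflected intact); against `escaping_app` the first response forbids `<`, `>` and `</`, and since the `open` slot has no other alternative the search reports exhaustion. That contrast is the defender's takeaway: escaping output closes the whole search space, whereas a blacklist merely adds one constraint per round.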
