Adding web pentesting functionality to PTHelper

María Olivares-Naya, Jacobo Casado de Gracia, Alfonso Sánchez-Macián

TL;DR

This continuation expands PTHelper with functionality to detect and later report web vulnerabilities, in order to address emerging threats and strengthen organizations' ability to protect their web applications against potential cyber-attacks.

Abstract

Web application pentesting is a crucial component of offensive cybersecurity. Its aim is to safeguard web applications and web services, as the majority of web applications are deployed in publicly accessible web environments. It requires cybersecurity experts to act as real attackers in order to identify all the errors and vulnerabilities in web applications, with the objective of preventing and reducing damage. As this process can be quite complex and pentesters may need a large amount of information, automating it helps them discover vulnerabilities more easily. This project is the direct continuation of the previous initiative, PTHelper: An open source tool to support the Penetration Testing process. This continuation expands PTHelper with functionality to detect and later report web vulnerabilities, in order to address emerging threats and strengthen organizations' ability to protect their web applications against potential cyber-attacks.

Paper Structure

This paper contains 38 sections, 15 figures.

Figures (15)

  • Figure 1: PTHelper: main architecture
  • Figure 2: PTHelper: Web pentesting architecture
  • Figure 3: CCN-STIC 807 module operations and interactions with the other modules
  • Figure 4: Initialization of the elements covered in CCN-STIC 807
  • Figure 5: Example of results printed on the console