Crawling Ajax-driven Web 2.0 Applications

Contributed by Shreeraj Shah and restored from the old Infosecwriters.com archive.

Crawling web applications is one of the key phases of automated web application scanning. The objective of crawling is to collect all possible resources from the server in order to automate vulnerability detection on each of these resources. A resource that is overlooked during this discovery phase can mean a failure to detect some vulnerabilities. The introduction of Ajax throws up new challenges [1] for the crawling engine. New ways of handling the crawling process are required as a result of these challenges. The objective of this paper is to use a practical approach to address this issue using rbNarcissus, Watir and Ruby.

This document is in PDF format. To view it click here.

Rate this article: 
No votes yet