- General Status Code Error
- Access Control
Papers on web penetration testing are interesting in that they propose several state-machine-based tools that help automate web penetration testing and identify the state changes of the application under test.
Papers on injection are mostly about defence mechanisms that use machine learning or other techniques to filter out malicious traffic. As for attack algorithms, most discuss the algorithm structure rather than payload generation.
Papers on XSS are more novel; many discuss payload generation and intelligent fuzzing procedures.
XML vulnerabilities are not well covered in the research literature. One USENIX paper explains XML parser vulnerabilities.
Most of the research papers focus on the black-box setting.
- Survey on API vulnerabilities
- A complete tool that covers the identified vulnerabilities in API scanning (based on the stateful tool)
- Intelligent fuzzing algorithm (library based + some fuzzing algorithm)
- Test the proposed solution against other traditional tools.
Enemy of the State: A State-Aware Black-Box Web Vulnerability Scanner: https://www.usenix.org/system/files/conference/usenixsecurity12/sec12-final225.pdf
This is a state-machine-based web vulnerability scanner that focuses on fuzzing. The authors use the w3af fuzzing plugin, so no novel fuzzing method is provided.
Vulnerability Assessment and Penetration Testing of Web Application: https://ieeexplore.ieee.org.remotexs.ntu.edu.sg/stamp/stamp.jsp?tp=&arnumber=8463920
A summary of common checkpoints in web application vulnerability assessment and penetration testing. Like other survey papers, it provides a brief summary but no novel methods.
SQL Injection is Still Alive: A Study on SQL Injection Signature Evasion Techniques: https://ieeexplore.ieee.org.remotexs.ntu.edu.sg/stamp/stamp.jsp?tp=&arnumber=6702821
Some encoding-based signature evasion techniques. These are very common and basic techniques in the pentest domain. Reading this paper is a waste of time.
Research on SQL Injection Attack and Prevention Technology Based on Web: https://ieeexplore.ieee.org.remotexs.ntu.edu.sg/stamp/stamp.jsp?tp=&arnumber=8912016
A paper covering the common SQL injection types and techniques. These are already well implemented in all kinds of SQL injection toolsets.
A taxonomy of SQL Injection Attacks: https://ieeexplore.ieee.org.remotexs.ntu.edu.sg/stamp/stamp.jsp?tp=&arnumber=6702822
Another research paper introducing the common SQL injection techniques.
Black-box detection of XQuery injection and parameter tampering vulnerabilities in web applications: https://link.springer.com.remotexs.ntu.edu.sg/content/pdf/10.1007/s10207-016-0359-4.pdf
An interesting paper discussing the methodologies of XQuery injection in web apps. Unfortunately, no novel injection payload generation methods are described.
- L-WMxD: Lexical based Webmail XSS Discoverer: https://ieeexplore.ieee.org.remotexs.ntu.edu.sg/stamp/stamp.jsp?tp=&arnumber=5928954. A black-box XSS scanner with a payload generation algorithm.
- ETSSDetector: a tool to automatically detect CrossSite Scripting vulnerabilities: https://ieeexplore.ieee.org.remotexs.ntu.edu.sg/stamp/stamp.jsp?tp=&arnumber=6924244. The experimental evaluation is not clear or sound. No payload generation algorithms are mentioned.
- SoK: XML Parser Vulnerabilities: https://www.usenix.org/system/files/conference/woot16/woot16-paper-spath.pdf. Explains the basics of XML External Entity (XXE) attacks.
Penetration testing = vulnerability discovery + consequence analysis + exploit development
Web vulnerability assessment = vulnerability discovery
- Pentesting Tool: example: CCS19_IoT_Penetration_Testing_Tool
- Vulnerability discovery / vulnerability assessment