Web Application Test Suite Data Sheet
Test Suite:
Web Application Test Suite
Direction:
Server

The Web Application Test Suite is a Defensics test suite designed for testing the robustness of web application implementations. It attempts to discover bugs in tested implementations by sending them invalid, incorrect, and malformed data and data structures. The test suite is intended strictly for automated black-box negative testing in an isolated lab environment.

Used specifications

Specification
Title
Notes
RFC1945
Hypertext Transfer Protocol -- HTTP/1.0
RFC2183
Communicating Presentation Information in Internet Messages: The Content-Disposition Header Field
RFC2388
Returning Values from Forms: multipart/form-data
RFC2616
Hypertext Transfer Protocol -- HTTP/1.1
RFC3986
Uniform Resource Identifier (URI): Generic Syntax
RFC4627
The application/json Media Type for JavaScript Object Notation (JSON)
RFC6265
HTTP State Management Mechanism
RFC7230
Hypertext Transfer Protocol (HTTP/1.1): Message Syntax and Routing
RFC7231
Hypertext Transfer Protocol (HTTP/1.1): Semantics and Content
RFC7232
Hypertext Transfer Protocol (HTTP/1.1): Conditional Requests
RFC7233
Hypertext Transfer Protocol (HTTP/1.1): Caching
RFC7234
Hypertext Transfer Protocol (HTTP/1.1): Range Requests
RFC7235
Hypertext Transfer Protocol (HTTP/1.1): Authentication
RFC7519
JSON Web Token (JWT)
RFC7540
Hypertext Transfer Protocol Version 2 (HTTP/2)
RFC7616
HTTP Digest Access Authentication
RFC5849
OAuth 1.0 Protocol
RFC6749
The OAuth 2.0 Authorization Framework
RFC6750
The OAuth 2.0 Authorization Framework: Bearer Token Usage
OpenID Authentication 2.0 - Final

Tool-specific information

Supported SafeGuard Checks

Blind LDAP Injection

Blind SQL Injection

CORS misconfiguration

Credentials in Query Strings

Cross-site request forgery

Cross-site scripting

File path traversal injection

Information leakage

LDAP injection in response

Malformed HTTP

Missing cookie attribute

Remote Execution

Session cookie in URL

SQL injection in response

Unexpected data

Test tool general features
  • Fully automated black-box negative testing
  • Ready-made test cases
  • Written in Java(tm)
  • GUI command line remote interface modes
  • Instrumentation (health-check) capability
  • Support and maintenance
  • Comprehensive user documentation
  • Results reporting and analysis
Contact Us
©2025 Black Duck Software, Inc. All Rights Reserved