Synopsys Completes Acquisition of WhiteHat Security Learn More

close search bar

Sorry, not available in this language yet

close language selection
Web Application Test Suite Data Sheet
Test Suite:
Web Application Test Suite
Direction:
Server

The Web Application Test Suite is used for testing web applications. The suite requires a capture from a web browsing session which is then anomalized and driven against the target web application.

Used specifications

Specification
Title
RFC1945

Hypertext Transfer Protocol -- HTTP/1.0

RFC2183

Communicating Presentation Information in Internet Messages: The Content-Disposition Header Field

RFC2388

Returning Values from Forms: multipart/form-data

RFC2616

Hypertext Transfer Protocol -- HTTP/1.1

RFC3986

Uniform Resource Identifier (URI): Generic Syntax

RFC4627

The application/json Media Type for JavaScript Object Notation (JSON)

RFC6265

HTTP State Management Mechanism

RFC7230

Hypertext Transfer Protocol (HTTP/1.1): Message Syntax and Routing

RFC7231

Hypertext Transfer Protocol (HTTP/1.1): Semantics and Content

RFC7232

Hypertext Transfer Protocol (HTTP/1.1): Conditional Requests

RFC7233

Hypertext Transfer Protocol (HTTP/1.1): Caching

RFC7234

Hypertext Transfer Protocol (HTTP/1.1): Range Requests

RFC7235

Hypertext Transfer Protocol (HTTP/1.1): Authentication

RFC7519

JSON Web Token (JWT)

RFC7540

Hypertext Transfer Protocol Version 2 (HTTP/2)

RFC5849

OAuth 1.0 Protocol

RFC6749

The OAuth 2.0 Authorization Framework

RFC6750

The OAuth 2.0 Authorization Framework: Bearer Token Usage

OpenID Authentication 2.0 - Final

Tool-specific information

Supported SafeGuard Checks

Blind LDAP Injection

Blind SQL Injection

CORS misconfiguration

Credentials in Query Strings

Cross-site request forgery

Cross-site scripting

File path traversal injection

Information leakage

LDAP injection in response

Malformed HTTP

Missing cookie attribute

Remote Execution

Session cookie in URL

SQL injection in response

Unexpected data

Test tool general features
  • Fully automated black-box negative testing
  • Ready-made test cases
  • Written in Java(tm)
  • GUI command line remote interface modes
  • Instrumentation (health-check) capability
  • Support and maintenance
  • Comprehensive user documentation
  • Results reporting and analysis