WASAT- A new web authorization security analysis tool

Abstract

WASAT (Web Authentication Security Analysis Tool) is an intuitive and complete application designed for the assessment of the security of different web related authentication schemes, namely Basic Authentication and Forms-Based Authentication. WASAT is able to mount dictionary and brute force attacks of variable complexity against the target web site. Password files incorporate a syntax to generate different password search spaces. An important feature of this tool is that low-signature attacks can be performed in order to avoid detection by anti-brute-force mechanisms. This tool is platform-independent and multithreading too, allowing the user to take control of the program speed. WASAT provides some features not included in many of the existing similar applications and hardly any of their drawbacks, making this tool an excellent one for security analysis. © 2010 Springer-Verlag.