SecuBat has a flexible architecture that consists of multithreaded
crawling, attack, and analysis components. With
the help of a graphical user interface, the user can configure
single or combined crawling and attack runs. In our prototype
implementation, we currently provide four different
attack components: SQL Injection, Simple Reflected XSS
Attack, Encoded Reflected XSS Attack and Form-Redirecting
XSS Attack. In addition, we provide an Application Programming
Interface (API) that enables developers to implement
their own modules for launching other desired attacks.
The main contributions of this paper are as follows: