A project by Singapore Institute of Technology and PayPal

Motivation

Web application attacks are increasing in number and growing in sophistication. To support today’s digital world and business processes, web applications, APIs and mobile apps are growing in number and scale. In particular, cyber-attacks are increasing at the web layer, which presents an easy target for attackers. Vulnerabilities such as Command Injection, Server-Side Request Forgery, Cross-Site Scripting, and XML External Entities are some common examples.

Currently, there is no common industry standard for a web security payload template, and no common approach that the security community, researchers and companies can contribute to and rely on to test web applications, APIs and mobile apps.

This project will build a single, standard open source collaboration for an application security repository and tools. Although different open source and commercial web security scanners are available, this project can benefit various IT industries, including Singaporean industries such as MedTech, Fintech and GovTech. Start-ups and Small and Medium Enterprises (SMEs) in particular can use this readily available and validated open source tool to scan web apps for security vulnerabilities using a standard approach and with updated payloads from the security community.