OWASP OWTF - Comprehensive Upgrade For Modern Web Penetration Testing
- Mentors: Abraham Aranguren, Viyat
- Organization: OWASP Foundation
- Technologies: python, postgresql, docker, YAML
- Topics: security, web
The Offensive Web Testing Framework (OWTF) is a tool that lets penetration testers quickly automate security tests that follow standards such as the OWASP Testing Guide and NIST, and easily pick up low-hanging fruit and reconnaissance/enumeration data. Security testers can then leverage the gathered information to look for high-impact bugs and vulnerabilities. For this goal to stay true, the tool's plugins must keep up with changes in web development practices and with new Tactics, Techniques and Procedures (TTPs). Because OWTF has been around for more than a decade, many of its tools need reconfiguration to be used to best effect, while many new state-of-the-art tools are missing from the framework. This GSoC project aims to address that issue by researching modern web penetration testing guidelines, upgrading and reconfiguring existing plugins, and adding suitable new ones. The project Wiki will also be upgraded to reflect the changes. Finally, all core features will be tested to find bugs, which will be analyzed and fixed accordingly.