Professional

Autowasp

Autowasp is a Burp Suite extension that integrates Burp issue logging with the OWASP Web Security Testing Guide (WSTG) to provide a streamlined web security testing flow for the modern-day penetration tester. This tool will guide new penetration testers in understanding the best practices of web application security and will automate OWASP WSTG checks.

Currently, Autowasp supports the following functionalities:

  • Testing checklist provided by OWASP WSTG
  • Logger tool that lets penetration testers extract and consolidate Burp Scanner issues and Proxy/Repeater/Intruder logs
  • Mapping of flagged issues to the checklist and generation of the result as an Excel file

A general testing workflow using Autowasp would include the following steps:

  1. Display the OWASP checklist in Autowasp for reference.
  2. Add the target URL to Scope. The scope function will extract related results from Burp Scanner and listen for insecure web requests and responses.
  3. Map the scan issues to specific test cases in the checklist; or
  4. Manually explore the website's pages, then click Enable Burp Scanner Logging to display the scanner issues under the Logger tab.
  5. Map findings to the checklist.
  6. Insert security observations and evidence associated with the logs.
  7. Generate a report containing the checklist, logs, evidence, and comments.

Author

GovTech (Thomas Lim)

Version

1.0.1a

Last updated

10 February 2022

Estimated system impact

Overall impact: Low

Memory: Low
CPU: Low
General: Low
Scanner: Low

You can install BApps directly within Burp, via the BApp Store feature in the Burp Extender tool. You can also download them from here, for offline installation into Burp.

You can view the source code for all BApp Store extensions on our GitHub page.

Follow @BApp_Store on Twitter to receive notifications of all BApp releases and updates.

Please note that extensions are written by third party users of Burp, and PortSwigger Web Security makes no warranty about their quality or usefulness for any particular purpose.
