Authentication Web Pages with Selenium

Since Tim Berners-Lee published the HTTP/0.9 in 1990, web applications have been developed and have, especially in the modern age, an increasingly commercial relevance. This makes it interesting for third persons like attackers to search for weak points. This bachelor thesis focusses on authentication web pages, which typically verify a user against a system. We will focus on basic principles concerning authentication web pages and afterwards we will make a vulnerability analysis based on that. After specifying common attack vectors, we will use the open source web application testing system Selenium as a proof of concept. The Selenium IDE is used to create a test suite with test cases which prove security aspects of web pages with one click automatically. Furthermore, Selenium Remote Control is used to show, among other things, with a dictionary attack how the testing system can be used as an attack tool.