Automating Web Application Security Testing for Enhanced Efficiency and Coverage

Forward Security is a cybersecurity firm focused on helping clients identify and mitigate application-level vulnerabilities. One of their current innovation priorities is improving the efficiency and accuracy of manual security testing practices by leveraging automation, particularly in alignment with the OWASP Application Security Verification Standard (ASVS), a globally recognized framework for secure software development and verification. Traditionally, application security assessments, especially those using tools like Burp Suite and OWASP ZAP, require significant manual effort to validate controls across ASVS categories. This creates operational bottlenecks and inconsistencies, especially as testing scales across multiple projects or teams. The challenge is to build intelligent automation tools that integrate seamlessly into existing security workflows while providing reliable, standards-aligned assessments. This is not part of the organization’s core product development or day-to-day consulting operations, but rather a strategic enhancement aimed at increasing internal capability and possibly contributing back to the security community. To solve this challenge, the partner organization requires an intern with a rare combination of technical skills: understanding of application security, familiarity with the OWASP ASVS, hands-on experience with the Burp Suite API, and the ability to write extensible, production-grade code in Java and/or Python.

Faculty Supervisor: Mohammad Tayebi

Student:

Partner: Forward Security

Discipline: Computer science

Sector: Professional, scientific and technical services

University: Simon Fraser University

Program: Business Strategy Internship
