BEGIN:VCALENDAR
VERSION:2.0
PRODID:-//pretalx//cfp.securityfest.com//academic-village-2026//talk//BVW7L
 Y
BEGIN:VTIMEZONE
TZID:CET
BEGIN:STANDARD
DTSTART:20001029T040000
RRULE:FREQ=YEARLY;BYDAY=-1SU;BYMONTH=10
TZNAME:CET
TZOFFSETFROM:+0200
TZOFFSETTO:+0100
END:STANDARD
BEGIN:DAYLIGHT
DTSTART:20000326T030000
RRULE:FREQ=YEARLY;BYDAY=-1SU;BYMONTH=3
TZNAME:CEST
TZOFFSETFROM:+0100
TZOFFSETTO:+0200
END:DAYLIGHT
END:VTIMEZONE
BEGIN:VEVENT
UID:pretalx-academic-village-2026-BVW7LY@cfp.securityfest.com
DTSTART;TZID=CET:20260527T141500
DTEND;TZID=CET:20260527T143500
DESCRIPTION:Black-box web application crawling and scanning play an importa
 nt role for security testing of web applications. Yet state-of-the-art sca
 nners fall short of addressing key characteristics of a modern web applica
 tion: its extreme dynamism and interactivity on the client side. This pape
 r identifies immersive interaction as a key ingredient for scanners to de
 eply explore modern web applications. We propose SpiderSapien\, a client-c
 entric crawler and security scanner. SpiderSapien incorporates a unique co
 mbination of high-level\, user-facing feedback channels from the web appli
 cation to achieve immersive interaction in a black-box crawling loop. Thes
 e feedback channels include both novel methods to detect interactable elem
 ents and sensibly order UI interactions\, and orthogonally using an LLM to
  solve forms. In doing so\, we demonstrate how to reliably discover and t
 est deep states of modern web applications. Furthermore\, our modular appr
 oach and useful abstraction layer can serve as a building block for future
  scanners. The evaluation of our approach shows substantial improvements i
 n both code coverage and vulnerability detection over previous work. Our a
 pproach increased average code coverage across applications by at least 46
 % over any other scanner\, or 16% when compared to the union of all other
  scanners. We find XSS vulnerabilities in 7 web applications\, while any o
 ther scanner finds XSS in up to 2 applications.
DTSTAMP:20260628T104505Z
LOCATION:Taube Room
SUMMARY:SpiderSapien: Client-Centric Web Crawler and Security Scanner - Eri
 c Olsson
URL:https://cfp.securityfest.com/academic-village-2026/talk/BVW7LY/
END:VEVENT
END:VCALENDAR
