YuraScanner: Leveraging LLMs for Task-driven Web App Scanning
Aleksei Stafeev
Network and Distributed System Security (NDSS) Symposium 2025 · Day 1 · Web Security
This talk introduces **YuraScanner**, a groundbreaking, fully automated, task-driven web application scanner designed to overcome the limitations of traditional black-box testing tools. It is presented by Tim Reinvald, a master's student at Zanat University in Germany and part of a research group at CISPA. YuraScanner leverages Large Language Models (LLMs) to intelligently navigate and interact with web applications. The work is motivated by the observed struggle of conventional scanners to explore the deeper states of modern web applications, which often involve complex multi-step workflows.
AI review
Solid academic research with real empirical results: 12 zero-days found in production apps at depths traditional scanners can't reach, with a clean modular architecture and an open-source release. A master's student doing work that makes tool vendors uncomfortable is exactly what NDSS should be platforming.