EvoCrawl: Exploring Web Application Code and State using Evolutionary Search
Xiangyu Guo
Network and Distributed System Security (NDSS) Symposium 2025 · Day 1 · Mobile Security
Modern web applications present significant challenges for security scanners, particularly those operating in a blackbox manner without access to source code. This talk introduces EvoCrawl, an innovative blackbox web application scanner designed to overcome these limitations by intelligently exploring application code and state. Developed at the University of Toronto, EvoCrawl leverages an **evolutionary search algorithm** combined with **dependency tracking** to navigate the complex landscape of web application interactions, aiming to achieve superior code coverage and, consequently, more effective vulnerability detection.
AI review
Solid academic systems paper presenting a real engineering contribution — evolutionary search plus dependency tracking for stateful blackbox web crawling is a legitimate and non-trivial idea. The results are credible and the problem framing is honest, but this is a conference proceedings presentation, not a practitioner security talk, and the gap between the research artifact and anything a defender can actually use tomorrow is wide.