The operation of web analysis tools (e.g., web security testing engines) may be based on an initial crawling stage, where the web analysis tool may explore the subject web component (e.g., web application, web service, network service, etc.), and attempt to record as much of the interaction surface as possible. The coverage by the web analysis tool for the web component may depend on such things as, e.g., the quality of its crawling capabilities. For example, if the crawling capabilities are limited, thereby missing large (e.g., relevant) portions of the web component's functionality (e.g., web pages in a website), then the subsequent analysis stage may similarly be limited and incomplete.
For instance, some dynamic web analysis tools may have simple crawling heuristics, and may be backed by complex and tedious user configurations. For example, some dynamic web analysis tools may use default values, e.g., when filling fields of an HTML form, as well as allowing a user to manually specify other values, along with a regular expression for a field identifier, such that if the regular expression matches a field name in the form, then the value provided by the user may be used. As such, use of such dynamic web analysis tools may be onerous to the user, reduce the quality of crawling, and thus reduce the coverage achieved by the analysis.