Some applications, such as web applications, may be subjected to attacks by, e.g., hackers. For instance, injection attacks may be used to attack web applications. An example of an injection attack may include cross-site scripting (XSS)—a vulnerability that may allow attackers to bypass a client-side security mechanism and gain elevated access-privileges to sensitive information. Security scanners, such as a dynamic, automated web application security scanner, may be used to identify XSS vulnerabilities, as well as other injection vulnerabilities (e.g., command injection).
Testing may be conducted by a large group of testers (or teams of testers), often located in different geographical locations and/or time zones. When multiple testers are involved in testing vulnerabilities of a web application, at least some degree, if not a great deal, of redundancy may occur as a result of overlap between test run on the same web application by different testers. For example, the coverage data may not always be visible to the testers. As a general example, it may be difficult for other testers in the group to quantify the degree to which payloads that some testers may have attempted thus far, that cover the attack surface for the web application that the group may be testing. In the example, efficiently continuing the testing process between the testers may be impeded.