Explore advanced web application security techniques in this 39-minute conference talk from AppSecEU 2014. Dive into ActiveScan++, an open-source Python plugin for Burp Suite that enhances active scanning capabilities. Learn how to identify complex vulnerabilities in real-world applications, including host header poisoning, relative path overwrites, and code injection. Discover the mechanics behind these attacks, automated detection methods, and exploitation techniques. Gain insights into current research on detecting suspicious behavior using platform-independent payload sets and fuzzy pattern matching. Witness the first public release of this open-source tool and understand its potential to revolutionize automated vulnerability hunting in web security testing.
ActiveScan++: Augmenting Manual Testing with Attack Proxy Plugins