Abstract
Black-box web vulnerability scanners are a class of tools that can be used to identify security issues in web applications. These tools are often marketed as “point-and-click pentesting” tools that automatically evaluate the security of web applications with little or no human support.These tools access a web application in the same way users do, and, therefore, have the advantage of being independent of the particular technology used to implement the web application.
However, these tools need to be able to access and test the application’s various components, which are often hidden behind forms, JavaScript-generated links,and Flash applications.This paper presents an evaluation of eleven black-box web vulnerability scanners,both commercial and open source. The evaluation composes different types of vulnerabilities with different challenges to the crawling capabilities of the tools.These tests are integrated in a realistic web application.The results of the evaluation show that crawling is a task that is as critical and challenging to the overall ability to detect vulnerabilities as the vulnerability detection techniques themselves,and that many classes of vulnerabilities are completely overlooked by these tools, and thus research is required to improve the automated detection of these flaws.
Download PDF
Volut-ID | World News Articles
All news of interest and can provide an info for you, and so can assist in the search for new news.
About news gadgets, mobile phones
info about the latest mobile phone, from news, features, and the most mobile phone models in search of the world.
No response to “An Analysis of Black-box Web Vulnerability Scanners”
Leave a reply