Assessment of Web Scanner Tools

International Journal of Computer Applications
Foundation of Computer Science (FCS), NY, USA
Year of Publication: 2016
Authors:
Rawaa Mohammed
10.5120/ijca2016907794

Rawaa Mohammed. Article: Assessment of Web Scanner Tools. International Journal of Computer Applications 133(5):1-4, January 2016. Published by Foundation of Computer Science (FCS), NY, USA. BibTeX

@article{key:article,
	author = {Rawaa Mohammed},
	title = {Article: Assessment of Web Scanner Tools},
	journal = {International Journal of Computer Applications},
	year = {2016},
	volume = {133},
	number = {5},
	pages = {1-4},
	month = {January},
	note = {Published by Foundation of Computer Science (FCS), NY, USA}
}

Abstract

The security of web applications has become a serious problem because of the impact of their vulnerabilities, so precautions should be taken in advance to diminish the harmful effects. One of the most important tools for testing web security is the web security scanner, which a penetration tester can use to get a clear indication of weaknesses by detecting vulnerabilities in web pages such as SQL injection and XSS. While the importance of web scanners is obvious, their effectiveness and differences need to be evaluated to find their flaws and limitations and to distinguish between them. This paper presents an analytical comparison of six open source web scanners, using manual and automatic testing of the chosen test beds and then analyzing the results to assess the scanners.

Keywords

False Positive, False Negative, evaluation, analysis.