CFP last date
20 June 2024
Call for Paper
July Edition
IJCA solicits high quality original research papers for the upcoming July edition of the journal. The last date of research paper submission is 20 June 2024

Submit your paper
Know more
Reseach Article

Assessment of Web Scanner Tools

by Rawaa Mohammed
International Journal of Computer Applications
Foundation of Computer Science (FCS), NY, USA
Volume 133 - Number 5
Year of Publication: 2016
Authors: Rawaa Mohammed
10.5120/ijca2016907794

Rawaa Mohammed . Assessment of Web Scanner Tools. International Journal of Computer Applications. 133, 5 ( January 2016), 1-4. DOI=10.5120/ijca2016907794

@article{ 10.5120/ijca2016907794,
author = { Rawaa Mohammed },
title = { Assessment of Web Scanner Tools },
journal = { International Journal of Computer Applications },
issue_date = { January 2016 },
volume = { 133 },
number = { 5 },
month = { January },
year = { 2016 },
issn = { 0975-8887 },
pages = { 1-4 },
numpages = {9},
url = { https://ijcaonline.org/archives/volume133/number5/23779-2016907794/ },
doi = { 10.5120/ijca2016907794 },
publisher = {Foundation of Computer Science (FCS), NY, USA},
address = {New York, USA}
}
%0 Journal Article
%1 2024-02-06T23:30:17.658439+05:30
%A Rawaa Mohammed
%T Assessment of Web Scanner Tools
%J International Journal of Computer Applications
%@ 0975-8887
%V 133
%N 5
%P 1-4
%D 2016
%I Foundation of Computer Science (FCS), NY, USA
Abstract

Nowadays the security of web applications becomes a serious problem because of the impact of its vulnerability, so a previous consideration should be taken to diminish its harmful effect. One of the most important tools used to test the security of the web is web security scanner which is a tool that can be used by the penetration tester to give clear indication of the weakness by detecting the vulnerabilities of web pages like SQL injection, XSS attack. While the importance of web scanners are so obvious, but there effectiveness and differences need to be evaluated to find the flaws, limitations and distinguish between them. In this paper an analytical comparison is present on six open source web scanners by using manual and automatic testing of the chosen test beds then analyzing these results to assess the scanners.

References
  1. Fakhreldeen A. and Eltyeb E., “Assessment of Open Source Web Application Security Scanners”, College of Computer Science and Information Technology, KAU, Khulais, Saudi Arabia, march 2014.
  2. Pakorn I., “A Comparative Study of Security Vulnerabilities in Responsive Web Design Framework”, Malardalen University School of Innovation Design and Engineering, June 2015.
  3. Sneha P., “Vulnerability Checker for Infosecurity”, SRM University, 2013.
  4. Fakhreldeen A., “Using WASSEC to Evaluate Commercial Web Application Security Scanners”, International Journal of Soft Computing and Engineering (IJSCE), 2014.
  5. Kinnaird M., “Open Source Web Vulnerability Scanners”, Marymount University, 2014.
  6. David A. Shelly, “Using a Web Server Test Bed to Analyze the Limitations of Web Application Vulnerability Scanners”, Faculty of the Virginia Polytechnic Institute and State University, July 2010.
  7. Yuliana M., “Security Evaluation of Web ApplicationVulnerability Scanners’ Strengths and Limitations Using Custom Web Application”, California State University, October 2012.
  8. XiaoweiLi and YuanXue, “BLOCK: A Black-box Approach for Detection of State Violation Attacks towards Web Applications”, Vanderbilt University, 2011.
  9. Mikko V.,” An Evaluation of Free Fuzzing Tools”, University of Oulu Department of Information Processing, May 2015.
Index Terms

Computer Science
Information Sciences

Keywords

False Positive False Negative evaluation analysis.