
A Comparative Study of Web Application Security Parameters: Current Trends and Future Directions

Jahanzeb Shahid, Muhammad Khurram Hameed, Ibrahim Tariq Javed, Kashif Naseer Qureshi, Moazam Ali, Noel Crespi
2022 Applied Sciences  
The evaluation is based on an extracted list of vulnerabilities from OWASP (Open Web Application Security Project).  ...  A publicly available web application vulnerability scanner is a computer program that assesses web application security by employing automated penetration testing techniques that reduce the time, cost,  ...  [43] published an article based on a comparative assessment of the performance of an open-source web vulnerability scanner.  ... 
doi:10.3390/app12084077 fatcat:2bid2347fbfb5ihjqminpysaji

Evaluation of Open Source Web Application Vulnerability Scanners

Himli S. Abdullah
2020 Academic Journal of Nawroz University  
Therefore, there is an exigent need for web application vulnerability scanners.  ...  In this study, we evaluate two open source web application vulnerability scanners Paros and OWASP Zed Attack Proxy (OWASP ZAP) by testing them against two vulnerable web applications buggy web application  ...  Evaluation and testing of several free/open source web vulnerability scanners, 10th Conference for Informatics and Information Technology, Bitola, Macedonia, 2013. 8. Jiménez R. (2016).  ... 
doi:10.25007/ajnu.v9n1a532 fatcat:rgohbgcmqbg4lnma24iq4nukvu


Oripov Rustamjon Kholdorali Ugli
2022 Zenodo  
Throughout this article, you can learn about Web Vulnerability Scanners and general concepts about choosing the right ones. general information and their working principles, including what components they  ...  The article is not primarily about choosing scanners that detect vulnerabilities because it also provides assumptions about what choices we should make depending on the type of vulnerability.  ...  Additionally, ZAP is a free Open Source cross-platform scanner that is becoming a framework for advanced web application vulnerability testing [1] .  ... 
doi:10.5281/zenodo.6605120 fatcat:zyt4trp6brfmpfij74kc3lls6q

An Integrated Approach Towards Vulnerability Assessment & Penetration Testing for a Web Application

K Siva Prasad, Dr K. Raja Sekhar, Dr P. Rajarajeswari
2018 International Journal of Engineering & Technology  
This paper suggests an integrated approach of assessing the vulnerabilities in any web application using free and open source tools where the reports are generated with respect to vulnerabilities and their  ...  The identified vulnerabilities are therefore exploited for testing the penetrations of a web application.  ...  Arachni web Vulnerability scanner Arachni is Ruby framework aimed towards helping penetration testers evaluate the security of modern web applications. Its source code public and available for review.  ... 
doi:10.14419/ijet.v7i2.32.15733 fatcat:xp7aq3ntfbc7jnna2ynsix23li

Building a Test Suite for Web Application Scanners

Elizabeth Fong, Romain Gaucher, Vadim Okun, Paul E. Black, Eric Dalci
2008 Proceedings of the 41st Annual Hawaii International Conference on System Sciences (HICSS 2008)  
We evaluate the test suite experimentally using several web application scanners, both open-source and proprietary.  ...  Web application scanners are automated, black-box testing tools that examine web applications for security vulnerabilities.  ...  Acknowledgement We thank Will Guthrie for many helpful suggestions on this paper, Stephano Di Paola and Anurag Agarwal for their technical review.  ... 
doi:10.1109/hicss.2008.79 dblp:conf/hicss/FongGOBD08 fatcat:uaxhmy7znrdt7gjwhuwptpzxda

Web Application Scanners: Definitions and Functions

Elizabeth Fong, Vadim Okun
2007 2007 40th Annual Hawaii International Conference on System Sciences (HICSS'07)  
This paper identifies a taxonomy of software security assurance tools and defines one type of tool: web application scanner, i.e., an automated program that examines web applications for security vulnerabilities  ...  We describe the types of functions that are generally found in a web application scanner and how to test it.  ...  Black, and Eric Dalci for improving our understanding of web application scanners and many helpful suggestions on this paper. We also thank the anonymous reviewers for their insightful comments.  ... 
doi:10.1109/hicss.2007.611 dblp:conf/hicss/FongO07 fatcat:xqku6sqcpjfibekwo2yal6ttfq

The approaches to quantify web application security scanners quality: a review

Lim Kah Seng, Norafida Ithnin, Syed Zainudeen Mohd Said
2018 International Journal of Advanced Computer Research  
Acknowledgment We would like to express our gratitude to Dr Nilashi Mesbah for his contribution in sharing the knowledge.  ...  WackoPicko, PCI, MatchIt, W-VST, Scan-bed W4 Open-source web application framework The open-access framework that supports web application development.  ...  Figure 8 showed 45.6% of experiment methodologies benchmark web application security scanner's quality with open-source web application framework, while 17.3% and 16.3% of experimental methodologies  ... 
doi:10.19101/ijacr.2018.838012 fatcat:ta2yr6f2dvcvpiaon5xnmug4i4

The use of application scanners in software product quality assessment

Stefan Wagner
2011 Proceedings of the 8th international workshop on Software quality - WoSQ '11  
One way of automation in assessing the security of software are application scanners that test an executing software for vulnerabilities.  ...  Its applicability and the detection capabilities of common scanners are investigated in a case study with two open-source web shops.  ...  Acknowledgements I am grateful to Elmar Juergens for helpful suggestions on the manuscript.  ... 
doi:10.1145/2024587.2024597 dblp:conf/sigsoft/000111 fatcat:ebp5fo2xhzhttadesw7s7vbgra


S. Jayamoorthy, C. Thirumalaivasan, P. Yogeshwar, S. Sainath
2020 International Journal of Engineering Applied Sciences and Technology  
is an NGO (Non-Governmental Organization) for universal Web Application Security.  ...  The scanner uses crawling Operation to detect the web application end points, vulnerable input parameters and evaluating whether the input parameter is Vulnerable to exploit or not by executing harmless  ...  The scanner uses technology detecting mechanism like Wapplyzer (Web application protocol analyzer), an open-source program to detect the technology like HTML, JS (Java Script), ORACLE DATABASE and carry  ... 
doi:10.33564/ijeast.2020.v04i10.011 fatcat:34amhx7okbh35m7igqflu54viu

An Integrated Approach for Detecting Security Vulnerabilities in Web Applications: A Theoretical Perspective

Richard Amankwah, Patrick Kwaku, Beatrice Korkor, Kofi Mensah, Bright Brew, Samuel Yeboah
2018 International Journal of Computer Applications  
Lastly, we present the theoretical framework for detecting web application vulnerabilities based on the proposed model.  ...  Previous studies have suggested both commercial and open source tools such as Ashcan, Web Inspect, Web King, Skipfish, and OWASP ZAP just to mention but a few to help mitigate against this security gaps  ...  Figure: 2 Simplified view of a web application WEB APPLICATION SCANNERS A web application scanner is an automated program that examines web applications for security vulnerabilities [18] .  ... 
doi:10.5120/ijca2018918079 fatcat:i4oayruv6jfdrgnkobhrq7nvhu

UBCIS: Ultimate Benchmark for Container Image Scanning

Shay Berkovich, Jeffrey Kam, Glenn Wurster
2020 USENIX Security Symposium  
Both commercial and open-source tools exist for container image scanning. Results from these scanners, however, are inconsistent.  ...  In this paper, we present the Ultimate Benchmark for Container Image Scanning (UB-CIS), a benchmark for evaluating image scanners.  ...  Our contributions are 1) a benchmark tool for container scanner evaluation; 2) an evaluation of three popular scanners on common container images; 3) a vulnerability judging process for classifying vulnerabilities  ... 
dblp:conf/uss/BerkovichKW20 fatcat:72hzqose2jcr5dxvs3g7zxexx4

Evaluation of Black-Box Web Application Security Scanners in Detecting Injection Vulnerabilities

Muzun Althunayyan, Neetesh Saxena, Shancang Li, Prosanta Gope
2022 Electronics  
To find web vulnerabilities before an attacker, security experts use black-box web application vulnerability scanners to check for security vulnerabilities in web applications.  ...  Most studies have evaluated these black-box scanners against various vulnerable web applications. However, most tested applications are traditional (non-dynamic) and do not reflect current web.  ...  Moreover, it provides an automated scan for quick tests and has an intercepting proxy component [41] . • Skipfish is a free and open-source vulnerability scanner that prepares an interactive sitemap for  ... 
doi:10.3390/electronics11132049 fatcat:2ws2opko3fhwheczy7ug5gsr4u

Web Unique Method (WUM): An Open Source Blackbox Scanner for Detecting Web Vulnerabilities

Muhammad Noman, Muhammad Iqbal, Muhammad Talha, Vishal Jain, Hira Mirza, Kamran Rasheed
2017 International Journal of Advanced Computer Science and Applications  
However, these scanners cannot challenge all web vulnerabilities.  ...  The distributed and open nature of internet attracts hackers to interrupt the smooth services of web applications.  ...  This research presents an open source web vulnerability scanner that use black box technique to carry out crawling and scanning for websites, to effectively detect the presence of  ... 
doi:10.14569/ijacsa.2017.081254 fatcat:lspa4wvsubcshnydczasi5ylze

Web Applications Security and Vulnerability Analysis Financial Web Applications Security Audit – A Case Study

Tiago Vieira, Carlos Serrão
2016 International Journal of Innovative Business Strategies  
To help in security matters, many organizations build security frameworks for vulnerability assessment, security assessment, threat modeling, penetration testing, risk management and many more.  ...  This article focus on the analysis of the results of security audits conducted on several financial web applications from one institution with aid of automatic tools in order to assess their web applications  ...  This is the forth release of this open source web testing framework created and maintained by OWASP.  ... 
doi:10.20533/ijibs.2046.3626.2016.0014 fatcat:qnxgm6pz2ngwrneqtdbrltjbsy

Web Penetration Testing using Nessus and Metasploit Tool

Indraneel Mukhopadhyay, Shilpam Goswami, Eshita Mandal
2014 IOSR Journal of Computer Engineering  
Web Penetration Testing is a tool that is being used widely to see how the website reacts when an vulnerability attack is done.  ...  We have done a survey of some of the web penetration tools that are available and then we have proposed a architecture using nesus and metasploit tool to do scan vulnerabilities of an website.  ...  Penetration testers typically use a range of commercial and open-source tools to automate the generation of attacks.  ... 
doi:10.9790/0661-1634126129 fatcat:7rx77efoqzct7dbfunbn643cya