Free Online Productivity Tools
i2Speak
i2Symbol
i2OCR
iTex2Img
iWeb2Print
iWeb2Shot
i2Type
iPdf2Split
iPdf2Merge
i2Bopomofo
i2Arabic
i2Style
i2Image
i2PDF
iLatex2Rtf
Sci2ools
DIMVA
2010
2010
Why Johnny Can't Pentest: An Analysis of Black-Box Web Vulnerability Scanners
Black-box web vulnerability scanners are a class of tools that can be used to identify security issues in web applications. These tools are often marketed as "point-and-click pentesting" tools that automatically evaluate the security of web applications with little or no human support. These tools access a web application in the same way users do, and, therefore, have the advantage of being independent of the particular technology used to implement the web application. However, these tools need to be able to access and test the application's various components, which are often hidden behind forms, JavaScript-generated links, and Flash applications. This paper presents an evaluation of eleven black-box web vulnerability scanners, both commercial and open-source. The evaluation composes different types of vulnerabilities with different challenges to the crawling capabilities of the tools. These tests are integrated in a realistic web application. The results of the evaluat...
Real-time TrafficBlack-box Web Vulnerability | Computer Networks | DIMVA 2010 | Web Application | Web Vulnerability Scanners |
| Added | 29 Oct 2010 |
| Updated | 29 Oct 2010 |
| Type | Conference |
| Year | 2010 |
| Where | DIMVA |
| Authors | Adam Doupé, Marco Cova, Giovanni Vigna |
Comments (0)
Researcher Info
|
