Building a Test Suite for Web Application Scanners

HICSS 2008, IEEE
This paper describes the design of a test suite for thorough evaluation of web application scanners. Web application scanners are automated, black-box testing tools that examine web applications for security vulnerabilities. For several common vulnerability types, we classify defense mechanisms that can be implemented to prevent corresponding attacks. We combine the defense mechanisms into "levels of defense" of increasing strength. This approach allows us to develop an extensive test suite that can be easily configured to switch on and off vulnerability types and select a level of defense. We evaluate the test suite experimentally using several web application scanners, both open-source and proprietary. The experiments suggest that the test suite is effective at distinguishing the tools based on their vulnerability detection rate; in addition, its use can suggest areas for tool improvement.
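The configurable target the abstract describes, as an added illustration that is not part of the paper or of this page: a Python sketch of a test-suite target with two switchable vulnerability types (reflected XSS and SQL injection), three defense levels each, a ground-truth oracle that says whether the target is actually exploitable under a given configuration, and a helper that scores a scanner's findings against that oracle. The level definitions, payloads, endpoint shapes and all names here are this example's assumptions; the paper's real classification of defense mechanisms and its levels are not given on this page.

```python
"""Constructed example: a scanner test-suite target with switchable vulnerability
types and 'levels of defense' of increasing strength.  Level definitions and
payloads are illustrative assumptions, not the paper's."""
import html
import re
import sqlite3
from dataclasses import dataclass, field

# Canonical probes used by the ground-truth oracle (constructed).
XSS_PAYLOADS = ["<script>alert(1)</script>", "<img src=x onerror=alert(1)>"]
SQLI_PAYLOAD = "1 OR 1=1"


def reflect_query(query: str, level: int) -> str:
    """Search endpoint that reflects ``query`` into HTML.
    Level 0: no defense.  Level 1: blacklist of <script> tags (bypassable by
    an event-handler payload).  Level 2: context-correct HTML escaping."""
    if level == 0:
        shown = query
    elif level == 1:
        shown = re.sub(r"</?script[^>]*>", "", query, flags=re.IGNORECASE)
    elif level == 2:
        shown = html.escape(query, quote=True)
    else:
        raise ValueError(f"unknown XSS defense level {level}")
    return f"<p>Results for: {shown}</p>"


def _make_db() -> sqlite3.Connection:
    """In-memory table with two users (constructed sample data)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)")
    conn.executemany("INSERT INTO users(name) VALUES (?)", [("alice",), ("bob",)])
    return conn


def user_by_id(conn: sqlite3.Connection, user_id: str, level: int) -> list:
    """Profile lookup by numeric id.
    Level 0: string concatenation.  Level 1: strip quotes and semicolons
    (bypassable: a numeric context needs neither).  Level 2: integer coercion
    plus a parameterised query."""
    if level == 0:
        return conn.execute(f"SELECT name FROM users WHERE id = {user_id}").fetchall()
    if level == 1:
        cleaned = re.sub(r"['\";]", "", user_id)
        return conn.execute(f"SELECT name FROM users WHERE id = {cleaned}").fetchall()
    if level == 2:
        try:
            uid = int(user_id)
        except ValueError:
            return []
        return conn.execute("SELECT name FROM users WHERE id = ?", (uid,)).fetchall()
    raise ValueError(f"unknown SQLi defense level {level}")


@dataclass
class SuiteConfig:
    """Which vulnerability types are switched on, and the defense level of each."""
    enabled: dict = field(default_factory=lambda: {"xss": True, "sqli": True})
    level: dict = field(default_factory=lambda: {"xss": 0, "sqli": 0})


def ground_truth(cfg: SuiteConfig) -> dict:
    """For each enabled type, report whether the target really is exploitable at
    the configured level.  A scanner's detection rate is measured against this."""
    truth = {}
    if cfg.enabled.get("xss"):
        lvl = cfg.level["xss"]
        # Exploitable if any probe survives into the page unmodified.
        truth["xss"] = any(p in reflect_query(p, lvl) for p in XSS_PAYLOADS)
    if cfg.enabled.get("sqli"):
        lvl = cfg.level["sqli"]
        conn = _make_db()
        rows = user_by_id(conn, SQLI_PAYLOAD, lvl)
        conn.close()
        # A tautology that returns every user means the injection worked.
        truth["sqli"] = len(rows) > 1
    return truth


def score_scanner(reported: dict, truth: dict) -> dict:
    """Count true positives, misses and false alarms for one scanner run,
    where ``reported`` maps vulnerability type -> bool as the scanner claimed."""
    tp = sum(1 for k, v in truth.items() if v and reported.get(k))
    fn = sum(1 for k, v in truth.items() if v and not reported.get(k))
    fp = sum(1 for k, v in truth.items() if not v and reported.get(k))
    return {"tp": tp, "fn": fn, "fp": fp}


if __name__ == "__main__":
    for lvl in range(3):
        cfg = SuiteConfig(level={"xss": lvl, "sqli": lvl})
        print(f"level {lvl}: exploitable = {ground_truth(cfg)}")
```

Each level is a single switch on one endpoint, so a configuration is just the pair (enabled types, level per type); the oracle exists so that a scanner that flags the level-2 endpoints is counted as a false positive rather than a find, which is what lets the suite separate tools by detection rate instead of by how noisy they are.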
Authors: Elizabeth Fong, Romain Gaucher, Vadim Okun, Paul E. Black, Eric Dalci