
Why Johnny Can't Pentest: An Analysis Of Black-Box Web Vulnerability Scanners

A. Doupé, M. Cova, G. Vigna
Published 2010 · Computer Science

Black-box web vulnerability scanners are a class of tools that can be used to identify security issues in web applications. These tools are often marketed as "point-and-click pentesting" tools that automatically evaluate the security of web applications with little or no human support. These tools access a web application in the same way users do, and, therefore, have the advantage of being independent of the particular technology used to implement the web application. However, these tools need to be able to access and test the application's various components, which are often hidden behind forms, JavaScript-generated links, and Flash applications. This paper presents an evaluation of eleven black-box web vulnerability scanners, both commercial and open-source. The evaluation composes different types of vulnerabilities with different challenges to the crawling capabilities of the tools. These tests are integrated in a realistic web application. The results of the evaluation show that crawling is a task that is as critical and challenging to the overall ability to detect vulnerabilities as the vulnerability detection techniques themselves, and that many classes of vulnerabilities are completely overlooked by these tools, and thus research is required to improve the automated detection of these flaws.
This paper references
To Catch a Predator: A Natural Language Approach for Eliciting Malicious Payloads
Sam Small (2008)
SecuBat: a web vulnerability scanner
Stefan Kals (2006)
Open Web Application Security Project (OWASP): OWASP SiteGenerator
H. Peine (2008)
Foundstone: Hacme Bank v2.0
J. Grossman
Security Test Tools for Web Applications
H Peine (2006)
Multi-module vulnerability analysis of web-based applications
D. Balzarotti (2007)
Web application security assessment tools
Mark Curphey (2006)
AnantaSec: Web Vulnerability Scanners Evaluation
RSnake: SQL Injection Cheat Sheet
RSnake: XSS (Cross Site Scripting) Cheat Sheet
Challenges of Automated Web Application Scanning
J Grossman (2004)
Analyzing the Effectiveness and Coverage of Web Application Security Scanners
L Suto (2007)
Using web security scanners to detect vulnerabilities in web services
Marco Vieira (2009)
Analyzing the Effectiveness and Coverage of Web Application Security Scanners (October 2007), Case Study
L. Suto (2007)
OWASP Top Ten Project
Open Web Application Security Project OWASP (2010)
Analyzing the Accuracy and Time Costs of Web Application Security Scanners
L Suto (2010)
Web Application Vulnerability Scanners—a Benchmark
A Wiegenstein (2006)
Leveraging User Interactions for In-Depth Testing of Web Applications
Sean McAllister (2008)
All Your iFRAMEs Point to Us
Niels Provos (2008)
CVE: Common Vulnerabilities and Exposures

This paper is referenced by
Chapter 23 – Analysis and Development of Green-Aware Security Mechanisms for Modern Internet Applications
L. Caviglione (2013)
Formalisation et génération d'injections
Eric Alata (2014)
Detecting Vulnerabilities in Web Applications Using Automated Black Box and Manual Penetration Testing
Nor Fatimah Awang (2013)
XSS Peeker: A Systematic Analysis of Cross-site Scripting Vulnerability Scanners
Enrico Bazzoli (2014)
Improving the Adoption of Dynamic Web Security Vulnerability Scanners
Y. R. Smeets (2015)
Locality-Sensitive Hashing for Efficient Web Application Security Testing
Ilan Ben-Bassat (2019)
Analysis of Automated Web Application Security Vulnerabilities Testing
Pariwish Touseef (2019)
MobSTer: A model-based security testing framework for web applications
Michele Peroli (2018)
Designing vulnerability testing tools for web services: approach, components, and tools
N. Antunes (2016)
Static Detection of Logic Vulnerabilities in Java Web Applications
Z. Fang (2012)
Penetration Testing for Web Services
N. Antunes (2014)
Risk-Driven Vulnerability Testing: Results from eHealth Experiments Using Patterns and Model-Based Approach
Alexandre Vernotte (2015)
Devising Effective Policies for Bug-Bounty Platforms and Security Vulnerability Discovery
Zhao (2017)
Comparison and Analysis of Web Vulnerability Scanners
A. Lis (2019)
An Invariant-Based Approach for Detecting Attacks Against Data in Web Applications
Romaric Ludinard (2014)
Component-Based Crawling of Complex Rich Internet Applications
Moosavi Byooki (2014)
Next Generation Black-Box Web Application Vulnerability Analysis Framework
Tejas Khairnar (2017)
Security Certification in Payment Card Industry: Testbeds, Measurements, and Recommendations
S. Rahaman (2019)
Web Application Vulnerabilities: A Survey
Vandana Dwivedi (2014)
Structured Object-Oriented Formal Language and Method
Shaoying Liu (2013)
Parameter Pollution Vulnerabilities in Web Applications
Marco "embyte" Balduzzi (2011)
From Model-Checking to Automated Testing of Security Protocols: Bridging the Gap
Alessandro Armando (2012)
A survey on web penetration test
M. Mirjalili (2014)
WebGuardia - an integrated penetration testing system to detect web application vulnerabilities
Nisal Madhushan Vithanage (2016)
Search engines: The invader to our privacy — A survey
Farhan Sahito (2011)
Model-based security testing: a taxonomy and systematic classification
M. Felderer (2016)
An algorithm to find relationships between web vulnerabilities
Fernando Román Muñoz (2016)
Towards Formal Security Analysis of Industrial Control Systems
M. Rocchetto (2017)
One Technique is Not Enough: A Comparison of Vulnerability Discovery Techniques
Andrew Austin (2011)
Assessing the Impact of Firewalls and Database Proxies on SQL Injection Testing
Dennis Appelt (2013)
Coverage Metrics and Detection of Injection Vulnerabilities: An Experimental Study
Ana Paula Sayuri Matsunaga (2016)
RTF Editor XSS Fuzz Framework
Jun Yang (2017)