Why Johnny Can't Pentest: An Analysis Of Black-Box Web Vulnerability Scanners

A. Doupé, M. Cova, G. Vigna
Published 2010 · Computer Science

Black-box web vulnerability scanners are a class of tools that can be used to identify security issues in web applications. These tools are often marketed as "point-and-click pentesting" tools that automatically evaluate the security of web applications with little or no human support. These tools access a web application in the same way users do, and, therefore, have the advantage of being independent of the particular technology used to implement the web application. However, these tools need to be able to access and test the application's various components, which are often hidden behind forms, JavaScript-generated links, and Flash applications. This paper presents an evaluation of eleven black-box web vulnerability scanners, both commercial and open-source. The evaluation composes different types of vulnerabilities with different challenges to the crawling capabilities of the tools. These tests are integrated in a realistic web application. The results of the evaluation show that crawling is a task that is as critical and challenging to the overall ability to detect vulnerabilities as the vulnerability detection techniques themselves, and that many classes of vulnerabilities are completely overlooked by these tools, and thus research is required to improve the automated detection of these flaws.
This paper references
To Catch a Predator: A Natural Language Approach for Eliciting Malicious Payloads
Sam Small (2008)
10.1145/1135777.1135817
SecuBat: a web vulnerability scanner
Stefan Kals (2006)
Open Web Application Security Project (OWASP): OWASP SiteGenerator
H. Peine (2008)
Foundstone: Hacme Bank v2.0
J. Grossman
Security Test Tools for Web Applications
H Peine (2006)
10.1145/1315245.1315250
Multi-module vulnerability analysis of web-based applications
D. Balzarotti (2007)
10.1109/MSP.2006.108
Web application security assessment tools
Mark Curphey (2006)
AnantaSec: Web Vulnerability Scanners Evaluation
(2009)
RSnake: SQL Injection Cheat Sheet. http://ha.ckers.org/sqlinjection/
RSnake: XSS (Cross Site Scripting) Cheat Sheet
Challenges of Automated Web Application Scanning
J Grossman (2004)
Analyzing the Effectiveness and Coverage of Web Application Security Scanners
L Suto (2007)
10.1109/DSN.2009.5270294
Using web security scanners to detect vulnerabilities in web services
Marco Vieira (2009)
Analyzing the Effectiveness and Coverage of Web Application Security Scanners (October 2007), case Study
L. Suto (2007)
OWASP Top Ten Project
Open Web Application Security Project OWASP (2010)
Analyzing the Accuracy and Time Costs of Web Application Security Scanners
L Suto (2010)
Web Application Vulnerability Scanners—a Benchmark
A Wiegenstein (2006)
10.1007/978-3-540-87403-4_11
Leveraging User Interactions for In-Depth Testing of Web Applications
Sean McAllister (2008)
All Your iFRAMEs Point to Us
Niels Provos (2008)
CVE: Common Vulnerabilities and Exposures
This paper is referenced by
10.1016/B978-0-12-415844-3.00023-1
Chapter 23 – Analysis and Development of Green-Aware Security Mechanisms for Modern Internet Applications
L. Caviglione (2013)
Formalisation et génération d'injections
Eric Alata (2014)
10.1007/978-3-642-40597-6_20
Detecting Vulnerabilities in Web Applications Using Automated Black Box and Manual Penetration Testing
Nor Fatimah Awang (2013)
XSS Peeker: A Systematic Analysis of Cross-site Scripting Vulnerability Scanners
Enrico Bazzoli (2014)
Improving the Adoption of Dynamic Web Security Vulnerability Scanners
Y. R. Smeets (2015)
10.5220/0007255301930204
Locality-Sensitive Hashing for Efficient Web Application Security Testing
Ilan Ben-Bassat (2019)
10.1145/3341325.3342032
Analysis of Automated Web Application Security Vulnerabilities Testing
Pariwish Touseef (2019)
10.1002/stvr.1685
MobSTer: A model-based security testing framework for web applications
Michele Peroli (2018)
10.1007/s10207-016-0334-0
Designing vulnerability testing tools for web services: approach, components, and tools
N. Antunes (2016)
10.1002/sec.747
Static Detection of Logic Vulnerabilities in Java Web Applications
Z. Fang (2012)
10.1109/MC.2013.409
Penetration Testing for Web Services
N. Antunes (2014)
10.1007/978-3-319-26416-5_7
Risk-Driven Vulnerability Testing: Results from eHealth Experiments Using Patterns and Model-Based Approach
Alexandre Vernotte (2015)
10.5325/JINFOPOLI.7.2017.0372
Devising Effective Policies for Bug-Bounty Platforms and Security Vulnerability Discovery
Zhao (2017)
Comparison and Analysis of Web Vulnerability Scanners
A. Lis (2019)
10.4018/ijsse.2014010102
An Invariant-Based Approach for Detecting Attacks Against Data in Web Applications
Romaric Ludinard (2014)
10.20381/RUOR-3546
Component-Based Crawling of Complex Rich Internet Applications
Moosavi Byooki (2014)
Next Generation Black-Box Web Application Vulnerability Analysis Framework
Tejas Khairnar (2017)
10.1145/3319535.3363195
Security Certification in Payment Card Industry: Testbeds, Measurements, and Recommendations
S. Rahaman (2019)
10.5120/18877-0144
Web Application Vulnerabilities: A Survey
Vandana Dwivedi (2014)
10.1007/978-3-319-04915-1
Structured Object-Oriented Formal Language and Method
Shaoying Liu (2013)
Parameter Pollution Vulnerabilities in Web Applications
Marco Balduzzi (2011)
10.1007/978-3-642-30473-6_3
From Model-Checking to Automated Testing of Security Protocols: Bridging the Gap
Alessandro Armando (2012)
A survey on web penetration test
M. Mirjalili (2014)
10.1109/WISPNET.2016.7566124
WebGuardia - an integrated penetration testing system to detect web application vulnerabilities
Nisal Madhushan Vithanage (2016)
Search engines: The invader to our privacy — A survey
Farhan Sahito (2011)
10.1002/stvr.1580
Model-based security testing: a taxonomy and systematic classification
M. Felderer (2016)
10.1007/s11227-016-1770-3
An algorithm to find relationships between web vulnerabilities
Fernando Román Muñoz (2016)
10.1145/3052973.3053024
Towards Formal Security Analysis of Industrial Control Systems
M. Rocchetto (2017)
10.1109/ESEM.2011.18
One Technique is Not Enough: A Comparison of Vulnerability Discovery Techniques
Andrew Austin (2011)
10.1007/978-3-319-07785-7_2
Assessing the Impact of Firewalls and Database Proxies on SQL Injection Testing
Dennis Appelt (2013)
10.1109/EDCC.2016.32
Coverage Metrics and Detection of Injection Vulnerabilities: An Experimental Study
Ana Paula Sayuri Matsunaga (2016)
10.1007/978-3-319-61542-4_95
RTF Editor XSS Fuzz Framework
Jun Yang (2017)