Evaluation of Static Web Vulnerability Analysis Tools

Tyagi, Shobha; Kumar, K. Sathish

doi:10.1109/pdgc.2018.8745996

Cited by 13 publications

(4 citation statements)

References 12 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…A test environment was established using the DVWA [ 26 ] web application vulnerability analysis tool, using the Burp Suite tool to pass the XSS and SQL injection payloads and capture the traffic in the middle proxy. The dataset generation steps are shown in Figure 6 .…”

Section: Methodsmentioning

confidence: 99%

Deep Learning Technique-Enabled Web Application Firewall for the Detection of Web Attacks

Dawadi

Adhikari

Srivastava

2023

Sensors

View full text Add to dashboard Cite

New techniques and tactics are being used to gain unauthorized access to the web that harm, steal, and destroy information. Protecting the system from many threats such as DDoS, SQL injection, cross-site scripting, etc., is always a challenging issue. This research work makes a comparative analysis between normal HTTP traffic and attack traffic that identifies attack-indicating parameters and features. Different features of standard datasets ISCX, CISC, and CICDDoS were analyzed and attack and normal traffic were compared by taking different parameters into consideration. A layered architecture model for DDoS, XSS, and SQL injection attack detection was developed using a dataset collected from the simulation environment. In the long short-term memory (LSTM)-based layered architecture, the first layer was the DDoS detection model designed with an accuracy of 97.57% and the second was the XSS and SQL injection layer with an obtained accuracy of 89.34%. The higher rate of HTTP traffic was investigated first and filtered out, and then passed to the second layer. The web application firewall (WAF) adds an extra layer of security to the web application by providing application-level filtering that cannot be achieved by the traditional network firewall system.

show abstract

Section: Methodsmentioning

confidence: 99%

Deep Learning Technique-Enabled Web Application Firewall for the Detection of Web Attacks

Dawadi

Adhikari

Srivastava

2023

Sensors

View full text Add to dashboard Cite

show abstract

“…Anagandula et al [25] analysed black-box web application scanners in detecting SQL injection and XSS vulnerabilities. Tyagi et al [26] evaluated two static web application vulnerability analyses tools, OWASP WAP and RIPS using the deliberately vulnerable web application and found that OWASP WAP offers better results over RIPS. Anhar and Suryanto [27] evaluated web application vulnerability scanners such as OWASP ZAP, Wapiti, Arachni, and Burp Suite Professional.…”

Section: Existing Vulnerability Scannersmentioning

confidence: 99%

Clarity: Analysing Security in Web Applications

Potter

Saxena

Maity

2023

2023 15th International Conference on COMmunication Systems &Amp; NETworkS (COMSNETS)

View full text Add to dashboard Cite

The rapid rise in business' moving online has resulted in e-commerce web applications becoming increasingly targeted by hackers. This paper proposes Clarity, a dynamic black box vulnerability scanner capable of detecting Cross-Site Scripting, SQL Injection, HTTP Response Splitting, and Session Management vulnerabilities in web applications. The developed tool employs the use of Mechanize and Selenium to perform the majority of its web scraping requirements. Clarity was tested against 50 e-commerce web applications, uncovering Session Management flaws as the most prevalent vulnerability, with 36 out of the 50 applications being vulnerable.

show abstract

“…Ukuran ordinal adalah angka yang diberikan, angka tersebut mengandung arti tingkatan. Nominal angka 0 digunakan untuk mengurutkan objek dari tingkatan terendah sampai tertinggi [13] [14].…”

Section: Hasil Dan Pembahasanunclassified

Analisis Keamanan Website Menggunakan OWASP dan Control Objective For Information and Related Technology (COBIT 5)

Yunanri¹,

Yuliadi²,

Shafwan³

2022

Jur. Ris. Kom.

View full text Add to dashboard Cite

The website is a collection of information services that function as a means of interaction either individually, in groups, or in organizations. The benchmark that makes a website good is a website that has a high level of security so that it can provide comfort for its users. Therefore all agencies try to provide the best through websites that are used as information services, one of which is the Super Indo Company. However, in the running process, there are disturbances on the website, such as bugs found and the absence of security standards applied to the website. The purpose of this research is to find alerts so that bugs are identified using the OWASP ZAP application and to find out the level of security applied to websites using the COBIT 5 standard or method. The results obtained from all activity processes get a capability level value of 3.42 or at the Established process level (a management process). The Super Indo company is already at a fairly good level in the website development process

show abstract

Evaluation of Static Web Vulnerability Analysis Tools

Cited by 13 publications

References 12 publications

Deep Learning Technique-Enabled Web Application Firewall for the Detection of Web Attacks

Deep Learning Technique-Enabled Web Application Firewall for the Detection of Web Attacks

Clarity: Analysing Security in Web Applications

Analisis Keamanan Website Menggunakan OWASP dan Control Objective For Information and Related Technology (COBIT 5)

Contact Info

Product

Resources

About