W-VST: A Testbed for Evaluating Web Vulnerability Scanner

Tung, Yuan-Hsin; Tseng, Shian‐Shyong; Shih, Jen-Feng; Shan, Hwai-Ling

doi:10.1109/qsic.2014.50

Cited by 8 publications

(5 citation statements)

References 6 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Recall 79 is the number of correctly detected vulnerabilities represented as a proportion of all the known vulnerabilities (including those that should have been detected by the tool but were not). The formula for the recall is given in Equation .…”

Section: Empirical Studymentioning

confidence: 99%

An empirical comparison of commercial and open‐source web vulnerability scanners

et al. 2020

View full text Add to dashboard Cite

Web vulnerability scanners (WVSs) are tools that can detect security vulnerabilities in web services. Although both commercial and open-source WVSs exist, their vulnerability detection capability and performance vary. In this paper, we report on a comparative study to determine the vulnerability detection capabilities of eight WVSs (both open and commercial) using two vulnerable web applications: WebGoat and Damn vulnerable web application (DVWA). The eight WVSs studied were: Acunetix; HP WebInspect; IBM AppScan; OWASP ZAP; S ; Arachni; Vega; and Iron WASP. The performance was evaluated using multiple evaluation metrics: precision; recall; Youden index; OWASP web benchmark evaluation (WBE); and the web application security scanner evaluation criteria (WASSEC). The experimental results show that, while the commercial scanners are effective in detecting security vulnerabilities, some open-source scanners (such as ZAP and Skipfish) can also be effective. In summary, this study recommends improving the vulnerability detection capabilities of both the open-source and commercial scanners to enhance code coverage and the detection rate, and to reduce the number of false-positives.

show abstract

Section: Empirical Studymentioning

confidence: 99%

An empirical comparison of commercial and open‐source web vulnerability scanners

et al. 2020

View full text Add to dashboard Cite

show abstract

“…The measurement metric of the number of true negatives illustrates the benign cross-site scripting vulnerabilities that a web application security scanner has successfully detected [27]. According to the experimental outcome of Figure 4, current web application security scanners only manage to detect cross-site scripting in some test-beds, which have simple business logic and without the authentication scheme.…”

Section: The Number Of True Negativesmentioning

confidence: 99%

“…The measurement metric of false positive illustrates fake cross-site scripting vulnerabilities yielded by the web application security scanners [27]. Figure 4 shows selected web application security scanners had produced false positive results while scanning the test-beds.…”

Section: The Number Of False Positivesmentioning

confidence: 99%

The Preparation of Cross-site Scripting in Automated Web Application Vulnerability Assessment: The Quantitative Analysis

Seng¹

2019

IJATCSE

View full text Add to dashboard Cite

Nowadays, practitioners have automated web application vulnerability assessment to speed up the testing life-cycle. Although this area of research had been widely studied worldwide for decades, however, existing studies show present state-of-the-art of automated web application vulnerability assessment still suffer from limitations of false alarms, which including both false positive and false negative. Therefore, this paper extends present research works by quantitatively analysing the web application security scanners' quality. The objective is to investigate present state-of-the-art performance in cross-site scripting detection for witnessing the decades of evolution. This paper achieves desired goal using the experimental research method, which the paper had quantitatively analysed six web application security scanner's performance for clarifying these scanners' capability in detecting the crosssite scripting. The experiment result shows present state-ofthe-art still suffer from limitations of false positive, false negative and redundant test results.

show abstract

“…The experiment was conducted by configured the scanners to scan selected vulnerable web applications. Summing up experimental results of [6,7,18,22,23,26,30,34,[37][38][39][40][41][42][43][44][45][46], web application security scanners not only tends to generate false alarm, the coverage issue is quite concerning in automated web application penetration testing. Besides this, web application security scanners are exceptionally good in detecting reflected cross-site scripting and SQL injection.…”

Section: 2clarifying Scanners Strengths and Limitationsmentioning

confidence: 99%

The approaches to quantify web application security scanners quality: a review

Seng¹,

Ithnin²,

Said³

2018

IJACR

View full text Add to dashboard Cite

The web application security scanner is a computer program that assessed web application security with penetration testing technique. The benefit of automated web application penetration testing is huge, which web application security scanner not only reduced the time, cost, and resource required for web application penetration testing but also eliminate test engineer reliance on human knowledge. Nevertheless, web application security scanners are possessing weaknesses of low test coverage, and the scanners are generating inaccurate test results. Consequently, experimentations are frequently held to quantitatively quantify web application security scanner's quality to investigate the web application security scanner's strengths and limitations. However, there is a discovery that neither a standard methodology nor criterion is available for quantifying the web application security scanner's quality. Hence, in this paper systematic review is conducted and analysed the methodology and criterion used for quantifying web application security scanners' quality. In this survey, the experiment methodologies and criterions that had been used to quantify web application security scanner's quality is classified and review using the preferred reporting items for systematic reviews and meta-analyses (PRISMA) protocol. The objectives are to provide practitioners with the understanding of methodologies and criterions that available for measuring web application security scanners' test coverage, attack coverage, and vulnerability detection rate, while provides the critical hint for development of the next testing framework, model, methodology, or criterions, to measure web application security scanner quality.

show abstract

W-VST: A Testbed for Evaluating Web Vulnerability Scanner

Cited by 8 publications

References 6 publications

An empirical comparison of commercial and open‐source web vulnerability scanners

An empirical comparison of commercial and open‐source web vulnerability scanners

The Preparation of Cross-site Scripting in Automated Web Application Vulnerability Assessment: The Quantitative Analysis

The approaches to quantify web application security scanners quality: a review

Contact Info

Product

Resources

About