Top

Published in:

2018 | OriginalPaper | Chapter

Performance Analysis of Vulnerability Detection Scanners for Web Systems

Authors : Shailendra Singh, Karan Singh

Published in: Cyber Security

Publisher: Springer Singapore

Activate our intelligent search to find suitable subject content or patents.

search-config

AI-assisted search

Off

Abstract

Much work is done in the area of vulnerability detection. However, it is still not sufficient to detect all the vulnerabilities present in a web application. Vulnerability detection scanners are an automated way to check for these vulnerabilities. But even after many improvements their detection rate is very low. In most cases, averaging to 40% detection of vulnerabilities. This rate can be increased when we provide favorable situations to scanners, increasing its detection rate. This work deals with such situations. The selection of best scanner for a given situation. So that detection of vulnerabilities is fulfilled in a more efficient way.

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

previous chapter k-Barrier Coverage-Based Intrusion Detection for Wireless Sensor Networks

next chapter Performance Evaluation of Multicast Source Authentication Scheme

Kern C, Kesavan A, Daswani N (2007) Foundations of security: what every programmer needs to know. In: Paperback, 14 Feb 2007

Tanenbaum AS, Wetherall DJ. Computer networks, 5th edn. Prentice Hall, Upper Saddle River

Cisco.com (2015) Cisco annual security report. http://www.cisco.com/web/offer/gist_ty2_asset/Cisco_2014_ASR.pdf

Sili M (2010) Security vulnerabilities in modern web browser architecture. In: MIPRO, Opatija, Croatia, pp 1240–1245

Johari R, Sharma P (2012) A survey on web application vulnerabilities (SQLIA,XSS) exploitation and security engine for SQL injection. In: International conference on communication systems and network technologies, pp 453–458. https://doi.org/10.1109/csnt.2012.104

Fonseca J (2014) Evolution of web security mechanisms using vulnerability and attack injection. IEEE Trans Dependable Secur Comput 11(5):440–453CrossRef

Duraes JA, Madeira HS (2006) Emulation of software faults: a field data study and a practical approach. IEEE Trans Software Eng 32(11)CrossRef

Avancini A, Ceccato M (2011) Security testing of web applications: a search based approach for cross-site scripting vulnerabilities. In: 11th IEEE international working conference on source code analysis and manipulation, pp 85–94. https://doi.org/10.1109/scam.2011.7

Wang X (2010) Hidden web crawling for SQL injection detection. In: Proceedings of IC-BNMT2010. IEEE, pp 14–18

10.

Dessiatnikoff A (2011) A clustering approach for web vulnerabilities detection. In: 17th IEEE Pacific rim international symposium on dependable computing, pp 194–203

11.

Damjanovic V, Djuric D (2010) Functional programming way to interact with software attacks and vulnerabilities. In: Third international conference on software testing, verification, and validation workshops. IEEE, pp 388–393. https://doi.org/10.1109/icstw.2010.53

12.

Buja G, Jalil KBA, Mohd Ali FBH, Abdul TF (2014) Detection model for SQL injection attack: an approach for preventing a web application from the SQL injection attack. In: IEEE Symposium on Computer Applications & Industrial Electronics (ISCAIE), Penang, Malaysia, pp 60–64

13.

Owasp.org (2015) OWASP vulnerable web applications directory project—OWASP. https://www.owasp.org/index.php/OWASP_Vulnerable_Web_Applications_Directory_Project

14.

Acuart, http://testphp.vulnweb.com/

15.

Vicnum Project, http://vicnum.ciphertechs.com/

16.

Web Scanner Test Site, http://www.webscantest.com/

17.

Zero Bank, http://zero.webappsecurity.com/

Title: Performance Analysis of Vulnerability Detection Scanners for Web Systems
Authors: Shailendra Singh
Karan Singh
Publisher: Springer Singapore
Book: Cyber Security
Print ISBN: 978-981-10-8535-2

Electronic ISBN: 978-981-10-8536-9

Copyright Year: 2018
DOI: https://doi.org/10.1007/978-981-10-8536-9_37

Springer Professional

Abstract

Please log in to get access to your license.

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Technik"

Springer Professional "Wirtschaft"

Premium Partner