nach oben

The Journal of Supercomputing

Erschienen in:

19.11.2016

Analyzing the traffic of penetration testing tools with an IDS

verfasst von: Fernando Román Muñoz, Esteban Alejandro Armas Vega, Luis Javier García Villalba

Erschienen in: The Journal of Supercomputing | Ausgabe 12/2018

Einloggen

Aktivieren Sie unsere intelligente Suche, um passende Fachinhalte oder Patente zu finden.

search-config

KI-gestützte Suche

Aus

Abstract

Many papers have been published comparing the accuracy of automated tools in looking for vulnerabilities in web applications. In those previous studies the researchers analyze vulnerable web applications with pentesting tools and then the reports that automated tools generate are compared to each other. The aim of this work is not only to know the detection capabilities of tools, but also to know what tests are performed, which vulnerabilities they try to detect and which really has the web application. This way it can be known whether the tests carried out by automated tools are efficient and meet two important aspects of the analysis tools: the automated tool has to try to detect all vulnerabilities in the web applications if it has a feature to do it; and also they have to report all vulnerabilities that they detect.

Vorheriger Artikel A secure authentication scheme based on elliptic curve cryptography for IoT and cloud servers

Nächster Artikel Resource provisioning for cloud applications: a 3-D, provident and flexible approach

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Sagala A, Manurung E (2015) Testing and comparing result scanning using web vulnerability scanner. Adv Sci Lett 21(11):3458–3462CrossRef

Nidhra S, Dondeti J (2012) Blackbox and whitebox testing techniques—a literature review. Int J Embed Syst Appl (IJESA) 2(2):29–50

Makino Y, Klyuev V (2015) Evaluation of web vulnerability scanners. In: Proceedings of the IEEE 8th International Conference on Intelligent Data Acquisition and Advanced Computing Systems: Technology and Applications (IDAACS), vol 1, Warsaw, PL, pp 399–402

Bau J, Bursztein E, Gupta D, Mitchell J (2010) State of the art: automated black-box web application vulnerability testing. In: Proceedings of the 2010 IEEE Symposium on Security and Privacy, SP ’10, IEEE Computer Society, Washington, DC, USA, pp 332–345

Baral P (2011) Web application scanners: a review of related articles. IEEE Potentials 30(2):10–14CrossRef

The Open Web Application Security Project OWASP (2016) OWASP Zed Attack Proxy Project. https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project. Accessed 29 April 2016

Google (2016) Google Code—Skipfish. https://code.google.com/archive/p/skipfish/. Accessed 22 March 2016

RandomStorm (2016) Damn Vulnerable Web Application (DVWA). http://www.dvwa.co.uk. Accessed 22 March 2016

Google (2016) Google Code—WAVSEP. https://code.google.com/archive/p/wavsep/. Accessed 29 April 2016

10.

Saeed FA (2014) Using WASSEC to analysis and evaluate open source web application security scanners. Int J Comput Sci Netw 3(2):43–49

11.

Web Application Security Consortium (2016) Web application security scanner evaluation criteria WASSEC. http://goo.gl/aePtyC. Accessed 22 March 2016

12.

W3af (2016) W3af—open source web application security scanner. http://w3af.org. Accessed 29 April 2016

13.

Saeed FA (2014) Using WASSEC to evaluate commercial web application security scanners. Int J Soft Comput Eng (IJSCE) 4(1):177–181MathSciNet

14.

Acunetix (2015) Web vulnerability scanner v10 product manual. Product Manual, Acunetix

15.

Khoury N, Zavarsky P, Lindskog D, Ruhl R (2011) An analysis of black-box web application security scanners against stored SQL injection. In: Proceedings of the IEEE Third International Conference on Privacy, Security, Risk and Trust (PASSAT) and IEEE Third Inernational Conference on Social Computing (SocialCom), Boston, MA, pp 1095–1101

16.

Daud NI, Bakar KAA, Hasan MSMd (2014) A case study on web application vulnerability scanning tools. In: Proceedings of the Conference of Science and Information (SAI), IEEE, pp 595–600

17.

Suteva N, Zlatkovski D, Mileva A (2013) Evaluation and testing of several free/open source web vulnerability scanners. In: Proceedings of the 10th Conference for Informatics and Information Technology (CIIT 2013), Bitola, MK, pp 221–224

18.

(2016) Snort—Network Intrusion Detection and Prevention System. https://www.snort.org/. Accessed 29 April 2016

19.

Alnabulsi H, Islam Md.R, Mamun Q (2014) Detecting SQL injection attacks using SNORT IDS. In: Proceedings of the 2014 Asia-Pacific World Congress on Computer Science and Engineering (APWC on CSE), IEEE, pp 1–7

20.

Dabbour M, Alsmadi I, Alsukhni E (2013) Efficient assessment and evaluation for websites vulnerabilities using SNORT. Int J Secur Appl 7(1)

21.

HP (2015) HP WebInsPect. Product Manual, HP

22.

Arachni (2016) ARACHNI web application security scanner framework. http://www.arachni-scanner.com. Accessed 29 April 2016

23.

The Open Web Application Security Project OWASP (2013) OWASP Top 10—2013 the ten most critical web application security risks. Release, the open web application security project OWASP

24.

Firns I (2016) Dedicated Spooler for Snort’s Unified2 Binary Output Format. https://github.com/firnsy/barnyard2. Accessed 29 April 2016

25.

Willis Webber D (2016) Ruby on rails application for network security monitoring. https://github.com/Snorby/snorby. Accessed 29 April 2016

26.

Doupé A, Cova M, Vigna G (2010) Detection of intrusions and malware, and vulnerability assessment. In: Kreibich C, Jahnke M (eds), Proceedings of the 7th International Conference (DIMVA 2010), Bonn, Germany, pp 111–131

27.

Doupé A (2016) WackoPicko vulnerable website. https://github.com/adamdoupe/WackoPicko. Accessed 22 March 2016

28.

Network Statistics Gatherer (2016) https://unix4lyfe.org/darkstat/. Accessed 29 April 2016

Titel: Analyzing the traffic of penetration testing tools with an IDS
verfasst von: Fernando Román Muñoz
Esteban Alejandro Armas Vega
Luis Javier García Villalba
Publikationsdatum: 19.11.2016
Verlag: Springer US
Erschienen in: The Journal of Supercomputing / Ausgabe 12/2018
Print ISSN: 0920-8542
Elektronische ISSN: 1573-0484
DOI: https://doi.org/10.1007/s11227-016-1920-7

Springer Professional

Abstract

Bitte loggen Sie sich ein, um Zugang zu Ihrer Lizenz zu erhalten.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft"

Springer Professional "Technik"

Springer Professional "Wirtschaft+Technik"

Weitere Artikel der Ausgabe 12/2018

On construction of a virtual GPU cluster with InfiniBand and 10 Gb Ethernet virtualization

Secure mobile device structure for trust IoT

Detection of damaged files and measurement of similarity to originals using entropy graph characteristics

Resource provisioning for cloud applications: a 3-D, provident and flexible approach

Multi-objective optimization design for multi-source multicasting MIMO AF relay systems

Power function-based signal recovery transition optimization model of emergency traffic

Premium Partner