Research Article

Security Testing and Assessment of Vulnerability Scanners in Quest of Current Information Security Landscape

by Chanchala Joshi, Umesh Kumar Singh
International Journal of Computer Applications
Foundation of Computer Science (FCS), NY, USA
Volume 145 - Issue 2
Published: Jul 2016
Authors: Chanchala Joshi, Umesh Kumar Singh
10.5120/ijca2016910563

Chanchala Joshi, Umesh Kumar Singh. Security Testing and Assessment of Vulnerability Scanners in Quest of Current Information Security Landscape. International Journal of Computer Applications. 145, 2 (Jul 2016), 1-7. DOI=10.5120/ijca2016910563

Abstract

This paper describes a web application built to evaluate the efficiency of the Netsparker, Acunetix and Burp Suite web application vulnerability scanners. It also explains the defense measures that significantly harden the application. The evaluation results identify the vulnerabilities that are most challenging for the scanners to detect and compare the scanners' effectiveness. The assessment results point to the areas that require further research to improve the scanners' detection rates.

Index Terms
Computer Science
Information Sciences
Keywords

Vulnerability Web Application Vulnerability Scanner Security trends
