ASSESSMENT OF OPEN SOURCE WEB APPLICATION SECURITY SCANNERS

Web application security has become a very significant area of scholarship, and the best way to deal with it is to use a web application security scanner to discover the architectural weaknesses and vulnerabilities in a web application. OWASP has constructed a standard that lists the most common risks. The goal of this paper is to use the OWASP Top 10 to compare and contrast open source web application security scanners and then determine the best of them. The study shows that W3AF 1.2, arachni v0.4.0.3 and Skipfish 2.07 are the most suitable ones because they have averages of 0.863826, 0.79922, and 0.781676 respectively. A web developer or administrator can therefore use them together, choose one, or modify one by adding the missing features to make his/her own application.
