Please use this identifier to cite or link to this item:
https://doi.org/10.21256/zhaw-3927| Publication type: | Conference paper |
| Type of review: | Peer review (publication) |
| Title: | Exploiting the potential of web application vulnerability scanning |
| Authors: | Esposito, Damiano Rennhard, Marc Ruf, Lukas Wagner, Arno |
| DOI: | 10.21256/zhaw-3927 |
| Proceedings: | ICIMP 2018 - The Thirteenth International Conference on Internet Monitoring and Protection |
| Page(s): | 22 |
| Pages to: | 29 |
| Conference details: | ICIMP 2018 the Thirteenth International Conference on Internet Monitoring and Protection, Barcelona, Spain, 22-26 July 2018 |
| Issue Date: | 2018 |
| Publisher / Ed. Institution: | IARIA |
| Language: | English |
| Subjects: | Web application security; Vulnerability scanning; Vulnerability detection performance |
| Subject (DDC): | 005: Computer programming, programs and data |
| Abstract: | Using automated web application vulnerability scanners so that they truly live up to their potential is difficult. Two of the main reasons for this are limitations with respect to crawling capabilities and problems to perform authenticated scans. In this paper, we present JARVIS, which provides technical solutions that can be applied to a wide range of vulnerability scanners to overcome these limitations. Our evaluation shows that by using JARVIS, the vulnerability detection performance of five freely available scanners can be improved by more than 100% compared to using them in their basic configuration. As the configuration effort to use JARVIS is small and the configurations are scanner-independent, JARVIS also allows to use multiple scanners in parallel in an efficient way. In an additional evaluation, we therefore analyzed the potential and limitations of using multiple scanners in parallel. This revealed that using multiple scanners in a reasonable way is indeed beneficial as it increases the number of detected vulnerabilities without a significant negative impact on the reported false positives. |
| URI: | https://digitalcollection.zhaw.ch/handle/11475/8840 |
| Fulltext version: | Published version |
| License (according to publishing contract): | Licence according to publishing contract |
| Departement: | School of Engineering |
| Organisational Unit: | Institute of Computer Science (InIT) |
| Published as part of the ZHAW project: | ASAP: Plattform für die automatisierte Sicherheitsanalyse von IT-Systemen |
| Appears in collections: | Publikationen School of Engineering |
Files in This Item:
| File | Description | Size | Format | |
|---|---|---|---|---|
| icimp_2018_2_10_30010.pdf | Paper | 319.6 kB | Adobe PDF |  View/Open |
Show full item record
Esposito, D., Rennhard, M., Ruf, L., & Wagner, A. (2018). Exploiting the potential of web application vulnerability scanning [Conference paper]. ICIMP 2018 - the Thirteenth International Conference on Internet Monitoring and Protection, 22–29. https://doi.org/10.21256/zhaw-3927
Esposito, D. et al. (2018) ‘Exploiting the potential of web application vulnerability scanning’, in ICIMP 2018 - The Thirteenth International Conference on Internet Monitoring and Protection. IARIA, pp. 22–29. Available at: https://doi.org/10.21256/zhaw-3927.
D. Esposito, M. Rennhard, L. Ruf, and A. Wagner, “Exploiting the potential of web application vulnerability scanning,” in ICIMP 2018 - The Thirteenth International Conference on Internet Monitoring and Protection, 2018, pp. 22–29. doi: 10.21256/zhaw-3927.
ESPOSITO, Damiano, Marc RENNHARD, Lukas RUF und Arno WAGNER, 2018. Exploiting the potential of web application vulnerability scanning. In: ICIMP 2018 - The Thirteenth International Conference on Internet Monitoring and Protection. Conference paper. IARIA. 2018. S. 22–29
Esposito, Damiano, Marc Rennhard, Lukas Ruf, and Arno Wagner. 2018. “Exploiting the Potential of Web Application Vulnerability Scanning.” Conference paper. In ICIMP 2018 - the Thirteenth International Conference on Internet Monitoring and Protection, 22–29. IARIA. https://doi.org/10.21256/zhaw-3927.
Esposito, Damiano, et al. “Exploiting the Potential of Web Application Vulnerability Scanning.” ICIMP 2018 - the Thirteenth International Conference on Internet Monitoring and Protection, IARIA, 2018, pp. 22–29, https://doi.org/10.21256/zhaw-3927.
Items in DSpace are protected by copyright, with all rights reserved, unless otherwise indicated.