Please use this identifier to cite or link to this resource: https://doi.org/10.21256/zhaw-3927
Publication type: Conference: Paper
Type of review: Peer review (publication)
Title: Exploiting the potential of web application vulnerability scanning
Author(s): Esposito, Damiano
Rennhard, Marc
Ruf, Lukas
Wagner, Arno
DOI: 10.21256/zhaw-3927
Proceedings: ICIMP 2018 - The Thirteenth International Conference on Internet Monitoring and Protection
Page(s): 22
Pages to: 29
Conference details: ICIMP 2018 the Thirteenth International Conference on Internet Monitoring and Protection, Barcelona, Spain, 22-26 July 2018
Issue date: 2018
Publisher / Ed. Institution: IARIA
Language: English
Keywords: Web application security; Vulnerability scanning; Vulnerability detection performance
Subject (DDC): 005: Computer programming, programs and data
Abstract: Using automated web application vulnerability scanners so that they truly live up to their potential is difficult. Two of the main reasons for this are limitations with respect to crawling capabilities and problems to perform authenticated scans. In this paper, we present JARVIS, which provides technical solutions that can be applied to a wide range of vulnerability scanners to overcome these limitations. Our evaluation shows that by using JARVIS, the vulnerability detection performance of five freely available scanners can be improved by more than 100% compared to using them in their basic configuration. As the configuration effort to use JARVIS is small and the configurations are scanner-independent, JARVIS also allows to use multiple scanners in parallel in an efficient way. In an additional evaluation, we therefore analyzed the potential and limitations of using multiple scanners in parallel. This revealed that using multiple scanners in a reasonable way is indeed beneficial as it increases the number of detected vulnerabilities without a significant negative impact on the reported false positives.
URI: https://digitalcollection.zhaw.ch/handle/11475/8840
Fulltext version: Published version
License (according to publishing contract): License according to publishing contract
Department: School of Engineering
Organisational unit: Institut für Informatik (InIT)
Published as part of the ZHAW project: ASAP: Plattform für die automatisierte Sicherheitsanalyse von IT-Systemen
Appears in collections: Publikationen School of Engineering

Files in this resource:
File: icimp_2018_2_10_30010.pdf
Description: Paper
Size: 319.6 kB
Format: Adobe PDF
Esposito, D., Rennhard, M., Ruf, L., & Wagner, A. (2018). Exploiting the potential of web application vulnerability scanning [Conference paper]. ICIMP 2018 - the Thirteenth International Conference on Internet Monitoring and Protection, 22–29. https://doi.org/10.21256/zhaw-3927


All resources in this repository are protected by copyright unless otherwise indicated.