Type of Document Master's Thesis Author Shelly, David Andrew Author's Email Address firstname.lastname@example.org URN etd-08102010-184408 Title Using a Web Server Test Bed to Analyze the Limitations of Web Application Vulnerability Scanners Degree Master of Science Department Electrical and Computer Engineering Advisory Committee
Advisor Name Title Tront, Joseph G. Committee Chair Marchany, Randolph C. Committee Member Midkiff, Scott F. Committee Member Keywords
- Vulnerability Detection
- Web Application Scanners
- Web Application Security
- Black Box Testing
Date of Defense 2010-07-29 Availability unrestricted AbstractThe threat of cyber attacks due to improper security is a real and evolving danger. Corporate and personal data is breached and lost because of web application vulnerabilities thousands of times every year. The large number of cyber attacks can partially be attributed to the fact that web application vulnerability scanners are not used by web site administrators to scan for flaws. Web application vulnerability scanners are tools that can be used by network administrators and security experts to help prevent and detect vulnerabilities such as SQL injection, buffer overflows, cross-site scripting, malicious file execution, and session hijacking.
However, these tools have been found to have flaws and limitations as well. Research has shown that web application vulnerability scanners are not capable of always detecting vulnerabilities and attack vectors, and do not give effective measurements of web application security. This research presents a method to analyze the flaws and limitations of several of the most popular commercial and free/open-source web application scanners by using a secure and insecure version of a custom-built web application. Using this described method, key improvements that should be made to web application scanner techniques to reduce the number of false-positive and false-negative results are proposed.
Filename Size Approximate Download Time (Hours:Minutes:Seconds)
28.8 Modem 56K Modem ISDN (64 Kb) ISDN (128 Kb) Higher-speed Access Shelly_DA_T_2010.pdf 881.87 Kb 00:04:04 00:02:05 00:01:50 00:00:55 00:00:04
If you have questions or technical problems, please Contact DLA.