Analyzing the traffic of penetration testing tools with an IDS
Many papers have been published comparing the accuracy of automated tools in looking for vulnerabilities in web applications. In those previous studies the researchers analyze vulnerable web applications with pentesting tools and then the reports that automated tools generate are compared to each ot...
Saved in:
Published in | The Journal of supercomputing Vol. 74; no. 12; pp. 6454 - 6469 |
---|---|
Main Authors | , , |
Format | Journal Article |
Language | English |
Published |
New York
Springer US
01.12.2018
Springer Nature B.V |
Subjects | |
Online Access | Get full text |
Cover
Loading…
Summary: | Many papers have been published comparing the accuracy of automated tools in looking for vulnerabilities in web applications. In those previous studies the researchers analyze vulnerable web applications with pentesting tools and then the reports that automated tools generate are compared to each other. The aim of this work is not only to know the detection capabilities of tools, but also to know what tests are performed, which vulnerabilities they try to detect and which really has the web application. This way it can be known whether the tests carried out by automated tools are efficient and meet two important aspects of the analysis tools: the automated tool has to try to detect all vulnerabilities in the web applications if it has a feature to do it; and also they have to report all vulnerabilities that they detect. |
---|---|
ISSN: | 0920-8542 1573-0484 |
DOI: | 10.1007/s11227-016-1920-7 |