Analyzing the traffic of penetration testing tools with an IDS

Many papers have been published comparing the accuracy of automated tools in looking for vulnerabilities in web applications. In those previous studies the researchers analyze vulnerable web applications with pentesting tools and then the reports that automated tools generate are compared to each ot...

Full description

Saved in:
Bibliographic Details
Published inThe Journal of supercomputing Vol. 74; no. 12; pp. 6454 - 6469
Main Authors Muñoz, Fernando Román, Armas Vega, Esteban Alejandro, Villalba, Luis Javier García
Format Journal Article
LanguageEnglish
Published New York Springer US 01.12.2018
Springer Nature B.V
Subjects
Applications programs
Automation
Compilers
Computer Science
Cybersecurity
Interpreters
Processor Architectures
Programming Languages
Vulnerability
Web vulnerabilities
Cybersecurity
Automatic scanner tools
Online AccessGet full text

Cover

More Information
Summary:Many papers have been published comparing the accuracy of automated tools in looking for vulnerabilities in web applications. In those previous studies the researchers analyze vulnerable web applications with pentesting tools and then the reports that automated tools generate are compared to each other. The aim of this work is not only to know the detection capabilities of tools, but also to know what tests are performed, which vulnerabilities they try to detect and which really has the web application. This way it can be known whether the tests carried out by automated tools are efficient and meet two important aspects of the analysis tools: the automated tool has to try to detect all vulnerabilities in the web applications if it has a feature to do it; and also they have to report all vulnerabilities that they detect.
ISSN:0920-8542
1573-0484
DOI:10.1007/s11227-016-1920-7