Analysis of effectiveness of black-box web application scanners in detection of stored SQL injection and stored XSS vulnerabilities

Authors: Muhammad Parvez, Pavol Zavarsky, Nidal Khoury
Year of publication: 2015
Subject:
Source: ICITST
DOI: 10.1109/icitst.2015.7412085
Description: Stored SQL injection (SQLI) and Stored Cross Site Scripting (XSS) are the top most critical web application vulnerabilities at the present time. Previous research has shown that black-box scanners have relatively poor performance in detecting these two vulnerabilities. In this paper, we analyze the performance and detection capabilities of the latest black-box web application security scanners against stored SQLI and stored XSS. Our analysis shows that the recent scanners are showing improved performance in detection of stored SQLI and stored XSS. We developed our custom test-bed to challenge the scanners' capabilities to detect stored SQLI and stored XSS. Our analysis revealed that black-box scanners still need improvements in detecting stored SQLI and stored XSS vulnerabilities. In addition to the results of performance tests, the paper provides a set of recommendations that could enhance the performance of scanners in detecting stored SQLI and stored XSS vulnerabilities.
Database: OpenAIRE