Please use this identifier to cite or link to this item:
https://doi.org/10.21256/zhaw-3927
Full metadata record
DC Field | Value | Language |
---|---|---|
dc.contributor.author | Esposito, Damiano | - |
dc.contributor.author | Rennhard, Marc | - |
dc.contributor.author | Ruf, Lukas | - |
dc.contributor.author | Wagner, Arno | - |
dc.date.accessioned | 2018-08-02T14:45:54Z | - |
dc.date.available | 2018-08-02T14:45:54Z | - |
dc.date.issued | 2018 | - |
dc.identifier.uri | https://digitalcollection.zhaw.ch/handle/11475/8840 | - |
dc.description.abstract | Using automated web application vulnerability scanners so that they truly live up to their potential is difficult. Two of the main reasons for this are limitations with respect to crawling capabilities and problems performing authenticated scans. In this paper, we present JARVIS, which provides technical solutions that can be applied to a wide range of vulnerability scanners to overcome these limitations. Our evaluation shows that by using JARVIS, the vulnerability detection performance of five freely available scanners can be improved by more than 100% compared to using them in their basic configuration. As the configuration effort to use JARVIS is small and the configurations are scanner-independent, JARVIS also allows multiple scanners to be used in parallel in an efficient way. In an additional evaluation, we therefore analyzed the potential and limitations of using multiple scanners in parallel. This revealed that using multiple scanners in a reasonable way is indeed beneficial as it increases the number of detected vulnerabilities without a significant negative impact on the reported false positives. | de_CH |
dc.language.iso | en | de_CH |
dc.publisher | IARIA | de_CH |
dc.rights | Licence according to publishing contract | de_CH |
dc.subject | Web application security | de_CH |
dc.subject | Vulnerability scanning | de_CH |
dc.subject | Vulnerability detection performance | de_CH |
dc.subject.ddc | 005: Computer programming, programs and data | de_CH |
dc.title | Exploiting the potential of web application vulnerability scanning | de_CH |
dc.type | Conference: Paper | de_CH |
dcterms.type | Text | de_CH |
zhaw.departement | School of Engineering | de_CH |
zhaw.organisationalunit | Institut für Informatik (InIT) | de_CH |
dc.identifier.doi | 10.21256/zhaw-3927 | - |
zhaw.conference.details | ICIMP 2018 the Thirteenth International Conference on Internet Monitoring and Protection, Barcelona, Spain, 22-26 July 2018 | de_CH |
zhaw.funding.eu | No | de_CH |
zhaw.originated.zhaw | Yes | de_CH |
zhaw.pages.end | 29 | de_CH |
zhaw.pages.start | 22 | de_CH |
zhaw.publication.status | publishedVersion | de_CH |
zhaw.publication.review | Peer review (publication) | de_CH |
zhaw.title.proceedings | ICIMP 2018 - The Thirteenth International Conference on Internet Monitoring and Protection | de_CH |
zhaw.webfeed | Information Security | de_CH |
zhaw.funding.zhaw | ASAP: Plattform für die automatisierte Sicherheitsanalyse von IT-Systemen | de_CH |
Appears in collections: | Publications School of Engineering |
Files in This Item:
File | Description | Size | Format |
---|---|---|---|
icimp_2018_2_10_30010.pdf | Paper | 319.6 kB | Adobe PDF |
Esposito, D., Rennhard, M., Ruf, L., & Wagner, A. (2018). Exploiting the potential of web application vulnerability scanning [Conference paper]. ICIMP 2018 - the Thirteenth International Conference on Internet Monitoring and Protection, 22–29. https://doi.org/10.21256/zhaw-3927
Esposito, D. et al. (2018) ‘Exploiting the potential of web application vulnerability scanning’, in ICIMP 2018 - The Thirteenth International Conference on Internet Monitoring and Protection. IARIA, pp. 22–29. Available at: https://doi.org/10.21256/zhaw-3927.
D. Esposito, M. Rennhard, L. Ruf, and A. Wagner, “Exploiting the potential of web application vulnerability scanning,” in ICIMP 2018 - The Thirteenth International Conference on Internet Monitoring and Protection, 2018, pp. 22–29. doi: 10.21256/zhaw-3927.
ESPOSITO, Damiano, Marc RENNHARD, Lukas RUF and Arno WAGNER, 2018. Exploiting the potential of web application vulnerability scanning. In: ICIMP 2018 - The Thirteenth International Conference on Internet Monitoring and Protection. Conference paper. IARIA. 2018. pp. 22–29
Esposito, Damiano, Marc Rennhard, Lukas Ruf, and Arno Wagner. 2018. “Exploiting the Potential of Web Application Vulnerability Scanning.” Conference paper. In ICIMP 2018 - the Thirteenth International Conference on Internet Monitoring and Protection, 22–29. IARIA. https://doi.org/10.21256/zhaw-3927.
Esposito, Damiano, et al. “Exploiting the Potential of Web Application Vulnerability Scanning.” ICIMP 2018 - the Thirteenth International Conference on Internet Monitoring and Protection, IARIA, 2018, pp. 22–29, https://doi.org/10.21256/zhaw-3927.