基于OWASP基准的Web漏洞扫描器评估

2018 26th International Conference on Systems Engineering (ICSEng) Pub Date : 2018-12-01 DOI:10.1109/ICSENG.2018.8638176

Balume Mburano, Weisheng Si

{"title":"基于OWASP基准的Web漏洞扫描器评估","authors":"Balume Mburano, Weisheng Si","doi":"10.1109/ICSENG.2018.8638176","DOIUrl":null,"url":null,"abstract":"The widespread adoption of web vulnerability scanners and their differences in effectiveness make it necessary to benchmark these scanners. Moreover, the literature lacks the comparison of the results of scanners effectiveness from different benchmarks. In this paper, we first compare the performances of some open source web vulnerability scanners of our careful choice by running them against the OWASP benchmark, which is developed by the Open Web Application Security Project (OWASP), a well-known non-profit web security organization. Furthermore, we compare our results from the OWASP benchmark with the existing results from the Web Application Vulnerability Security Evaluation Project (WAVSEP) benchmark, another popular benchmark used to evaluate scanner effectiveness. We are the first to make a comparison between these two benchmarks in literature. Our evaluation results allow us to make some valuable recommendations for the practice of benchmarking web scanners.","PeriodicalId":356324,"journal":{"name":"2018 26th International Conference on Systems Engineering (ICSEng)","volume":"62 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2018-12-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"35","resultStr":"{\"title\":\"Evaluation of Web Vulnerability Scanners Based on OWASP Benchmark\",\"authors\":\"Balume Mburano, Weisheng Si\",\"doi\":\"10.1109/ICSENG.2018.8638176\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"The widespread adoption of web vulnerability scanners and their differences in effectiveness make it necessary to benchmark these scanners. Moreover, the literature lacks the comparison of the results of scanners effectiveness from different benchmarks. In this paper, we first compare the performances of some open source web vulnerability scanners of our careful choice by running them against the OWASP benchmark, which is developed by the Open Web Application Security Project (OWASP), a well-known non-profit web security organization. Furthermore, we compare our results from the OWASP benchmark with the existing results from the Web Application Vulnerability Security Evaluation Project (WAVSEP) benchmark, another popular benchmark used to evaluate scanner effectiveness. We are the first to make a comparison between these two benchmarks in literature. Our evaluation results allow us to make some valuable recommendations for the practice of benchmarking web scanners.\",\"PeriodicalId\":356324,\"journal\":{\"name\":\"2018 26th International Conference on Systems Engineering (ICSEng)\",\"volume\":\"62 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2018-12-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"35\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2018 26th International Conference on Systems Engineering (ICSEng)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/ICSENG.2018.8638176\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2018 26th International Conference on Systems Engineering (ICSEng)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ICSENG.2018.8638176","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 35

摘要

web漏洞扫描器的广泛采用及其有效性的差异使得有必要对这些扫描器进行基准测试。此外，文献缺乏对不同基准下扫描仪有效性结果的比较。在本文中，我们首先比较了我们精心选择的一些开源web漏洞扫描器的性能，并将它们运行在OWASP基准上，OWASP是由一个著名的非营利web安全组织开放web应用程序安全项目(OWASP)开发的。此外，我们将OWASP基准测试的结果与Web应用程序漏洞安全评估项目(WAVSEP)基准测试的现有结果进行了比较，这是另一个用于评估扫描仪有效性的流行基准测试。我们是第一个对这两个文学基准进行比较的人。我们的评估结果使我们能够对web扫描器的基准测试实践提出一些有价值的建议。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文

微信好友朋友圈 QQ好友复制链接

本刊更多论文

Evaluation of Web Vulnerability Scanners Based on OWASP Benchmark

The widespread adoption of web vulnerability scanners and their differences in effectiveness make it necessary to benchmark these scanners. Moreover, the literature lacks the comparison of the results of scanners effectiveness from different benchmarks. In this paper, we first compare the performances of some open source web vulnerability scanners of our careful choice by running them against the OWASP benchmark, which is developed by the Open Web Application Security Project (OWASP), a well-known non-profit web security organization. Furthermore, we compare our results from the OWASP benchmark with the existing results from the Web Application Vulnerability Security Evaluation Project (WAVSEP) benchmark, another popular benchmark used to evaluate scanner effectiveness. We are the first to make a comparison between these two benchmarks in literature. Our evaluation results allow us to make some valuable recommendations for the practice of benchmarking web scanners.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

2018 26th International Conference on Systems Engineering (ICSEng)

自引率

0.00%

发文量

期刊最新文献

Essential Skill of Enterprise Architect Practitioners for Digital Era Power usage optimization in multi-UAV common-mission cooperative UAS systems A New Novel Improved Technique for PAPR Reduction in OFDM System Performance Investigation of a PV Emulator Using Current Source and Diode String ICSEng 2018 Preface