首页    期刊浏览 2024年11月07日 星期四
登录注册

文章基本信息

  • 标题:The approaches to quantify web application security scanners quality: a review
  • 作者:Lim Kah Seng ; Norafida Ithnin ; Syed Zainudeen Mohd Said
  • 期刊名称:International Journal of Advanced Computer Research
  • 印刷版ISSN:2249-7277
  • 电子版ISSN:2277-7970
  • 出版年度:2018
  • 卷号:8
  • 期号:38
  • 页码:285-312
  • 出版社:Association of Computer Communication Education for National Triumph (ACCENT)
  • 摘要:The web application security scanner is a computer program that assessed web application security with penetration testing technique. The benefit of automated web application penetration testing is huge, which web application security scanner not only reduced the time, cost, and resource required for web application penetration testing but also eliminate test engineer reliance on human knowledge. Nevertheless, web application security scanners are possessing weaknesses of low test coverage, and the scanners are generating inaccurate test results. Consequently, experimentations are frequently held to quantitatively quantify web application security scanner's quality to investigate the web application security scanner's strengths and limitations. However, there is a discovery that neither a standard methodology nor criterion is available for quantifying the web application security scanner's quality. Hence, in this paper systematic review is conducted and analysed the methodology and criterion used for quantifying web application security scanners' quality. In this survey, the experiment methodologies and criterions that had been used to quantify web application security scanner's quality is classified and review using the preferred reporting items for systematic reviews and meta-analyses (PRISMA) protocol. The objectives are to provide practitioners with the understanding of methodologies and criterions that available for measuring web application security scanners’ test coverage, attack coverage, and vulnerability detection rate, while provides the critical hint for development of the next testing framework, model, methodology, or criterions, to measure web application security scanner quality.
  • 关键词:Web application security scanner; Penetration testing; Quality criteria; PRISMA.
Loading...
联系我们|关于我们|网站声明
国家哲学社会科学文献中心版权所有