Enlargement of vulnerable web applications for testing.

Saved in:
Bibliographic Details
Title: Enlargement of vulnerable web applications for testing.
Authors: Román Muñoz, Fernando1, Sabido Cortes, Iván Israel1, García Villalba, Luis Javier1
Source: Journal of Supercomputing. Dec2018, Vol. 74 Issue 12, p6598-6617. 20p.
Subjects: Web-based user interfaces, Computer security testing, Computer security vulnerabilities, Scanning systems, Application software security measures
Abstract: There are two main kinds of vulnerable web applications, usual applications developed with a specific aim and applications which are vulnerable by design. On one hand, the usual applications are those that are used everywhere and on a daily basis, and where vulnerabilities are detected, and often mended, such as online banking systems, newspaper sites, or any other Web site. On the other hand, vulnerable by design web applications are developed for proper evaluation of web vulnerability scanners and for training in detecting web vulnerabilities. The main drawback of vulnerable by design web applications is that they used to include just a short set of well-known types of vulnerabilities, usually from famous classifications like the OWASP Top Ten. They do not include most of the types of web vulnerabilities. In this paper, an analysis and assessment of vulnerable web applications is conducted in order to select the applications that include the larger set of types of vulnerabilities. Then those applications are enlarged with more types of web vulnerabilities that vulnerable web applications do not include. Lastly, the new vulnerable web applications have been analyzed to check whether web vulnerability scanners are able to detect the new added vulnerabilities, those vulnerabilities that vulnerable by design web applications do not include. The results show that the tools are not very successful in detecting those vulnerabilities, less than well-known vulnerabilities. [ABSTRACT FROM AUTHOR]
Copyright of Journal of Supercomputing is the property of Springer Nature and its content may not be copied or emailed to multiple sites without the copyright holder's express written permission. Additionally, content may not be used with any artificial intelligence tools or machine learning technologies. However, users may print, download, or email articles for individual use. This abstract may be abridged. No warranty is given about the accuracy of the copy. Users should refer to the original published version of the material for the full abstract. (Copyright applies to all Abstracts.)
Database: Engineering Source
Full text is not displayed to guests.
FullText Links:
  – Type: pdflink
Text:
  Availability: 1
Header DbId: egs
DbLabel: Engineering Source
An: 133270229
AccessLevel: 6
PubType: Academic Journal
PubTypeId: academicJournal
PreciseRelevancyScore: 0
IllustrationInfo
Items – Name: Title
  Label: Title
  Group: Ti
  Data: Enlargement of vulnerable web applications for testing.
– Name: Author
  Label: Authors
  Group: Au
  Data: <searchLink fieldCode="AR" term="%22Román+Muñoz%2C+Fernando%22">Román Muñoz, Fernando</searchLink><relatesTo>1</relatesTo><br /><searchLink fieldCode="AR" term="%22Sabido+Cortes%2C+Iván+Israel%22">Sabido Cortes, Iván Israel</searchLink><relatesTo>1</relatesTo><br /><searchLink fieldCode="AR" term="%22García+Villalba%2C+Luis+Javier%22">García Villalba, Luis Javier</searchLink><relatesTo>1</relatesTo>
– Name: TitleSource
  Label: Source
  Group: Src
  Data: <searchLink fieldCode="JN" term="%22Journal+of+Supercomputing%22">Journal of Supercomputing</searchLink>. Dec2018, Vol. 74 Issue 12, p6598-6617. 20p.
– Name: Subject
  Label: Subjects
  Group: Su
  Data: <searchLink fieldCode="DE" term="%22Web-based+user+interfaces%22">Web-based user interfaces</searchLink><br /><searchLink fieldCode="DE" term="%22Computer+security+testing%22">Computer security testing</searchLink><br /><searchLink fieldCode="DE" term="%22Computer+security+vulnerabilities%22">Computer security vulnerabilities</searchLink><br /><searchLink fieldCode="DE" term="%22Scanning+systems%22">Scanning systems</searchLink><br /><searchLink fieldCode="DE" term="%22Application+software+security+measures%22">Application software security measures</searchLink>
– Name: Abstract
  Label: Abstract
  Group: Ab
  Data: There are two main kinds of vulnerable web applications, usual applications developed with a specific aim and applications which are vulnerable by design. On one hand, the usual applications are those that are used everywhere and on a daily basis, and where vulnerabilities are detected, and often mended, such as online banking systems, newspaper sites, or any other Web site. On the other hand, vulnerable by design web applications are developed for proper evaluation of web vulnerability scanners and for training in detecting web vulnerabilities. The main drawback of vulnerable by design web applications is that they used to include just a short set of well-known types of vulnerabilities, usually from famous classifications like the OWASP Top Ten. They do not include most of the types of web vulnerabilities. In this paper, an analysis and assessment of vulnerable web applications is conducted in order to select the applications that include the larger set of types of vulnerabilities. Then those applications are enlarged with more types of web vulnerabilities that vulnerable web applications do not include. Lastly, the new vulnerable web applications have been analyzed to check whether web vulnerability scanners are able to detect the new added vulnerabilities, those vulnerabilities that vulnerable by design web applications do not include. The results show that the tools are not very successful in detecting those vulnerabilities, less than well-known vulnerabilities. [ABSTRACT FROM AUTHOR]
– Name: AbstractSuppliedCopyright
  Label:
  Group: Ab
  Data: <i>Copyright of Journal of Supercomputing is the property of Springer Nature and its content may not be copied or emailed to multiple sites without the copyright holder's express written permission. Additionally, content may not be used with any artificial intelligence tools or machine learning technologies. However, users may print, download, or email articles for individual use. This abstract may be abridged. No warranty is given about the accuracy of the copy. Users should refer to the original published version of the material for the full abstract.</i> (Copyright applies to all Abstracts.)
PLink https://search.ebscohost.com/login.aspx?direct=true&site=eds-live&db=egs&AN=133270229
RecordInfo BibRecord:
  BibEntity:
    Identifiers:
      – Type: doi
        Value: 10.1007/s11227-017-1981-2
    Languages:
      – Code: eng
        Text: English
    PhysicalDescription:
      Pagination:
        PageCount: 20
        StartPage: 6598
    Subjects:
      – SubjectFull: Web-based user interfaces
        Type: general
      – SubjectFull: Computer security testing
        Type: general
      – SubjectFull: Computer security vulnerabilities
        Type: general
      – SubjectFull: Scanning systems
        Type: general
      – SubjectFull: Application software security measures
        Type: general
    Titles:
      – TitleFull: Enlargement of vulnerable web applications for testing.
        Type: main
  BibRelationships:
    HasContributorRelationships:
      – PersonEntity:
          Name:
            NameFull: Román Muñoz, Fernando
      – PersonEntity:
          Name:
            NameFull: Sabido Cortes, Iván Israel
      – PersonEntity:
          Name:
            NameFull: García Villalba, Luis Javier
    IsPartOfRelationships:
      – BibEntity:
          Dates:
            – D: 01
              M: 12
              Text: Dec2018
              Type: published
              Y: 2018
          Identifiers:
            – Type: issn-print
              Value: 09208542
          Numbering:
            – Type: volume
              Value: 74
            – Type: issue
              Value: 12
          Titles:
            – TitleFull: Journal of Supercomputing
              Type: main
ResultId 1