Enlargement of vulnerable web applications for testing.
Saved in:
| Title: | Enlargement of vulnerable web applications for testing. |
|---|---|
| Authors: | Román Muñoz, Fernando1, Sabido Cortes, Iván Israel1, García Villalba, Luis Javier1 |
| Source: | Journal of Supercomputing. Dec2018, Vol. 74 Issue 12, p6598-6617. 20p. |
| Subjects: | Web-based user interfaces, Computer security testing, Computer security vulnerabilities, Scanning systems, Application software security measures |
| Abstract: | There are two main kinds of vulnerable web applications, usual applications developed with a specific aim and applications which are vulnerable by design. On one hand, the usual applications are those that are used everywhere and on a daily basis, and where vulnerabilities are detected, and often mended, such as online banking systems, newspaper sites, or any other Web site. On the other hand, vulnerable by design web applications are developed for proper evaluation of web vulnerability scanners and for training in detecting web vulnerabilities. The main drawback of vulnerable by design web applications is that they used to include just a short set of well-known types of vulnerabilities, usually from famous classifications like the OWASP Top Ten. They do not include most of the types of web vulnerabilities. In this paper, an analysis and assessment of vulnerable web applications is conducted in order to select the applications that include the larger set of types of vulnerabilities. Then those applications are enlarged with more types of web vulnerabilities that vulnerable web applications do not include. Lastly, the new vulnerable web applications have been analyzed to check whether web vulnerability scanners are able to detect the new added vulnerabilities, those vulnerabilities that vulnerable by design web applications do not include. The results show that the tools are not very successful in detecting those vulnerabilities, less than well-known vulnerabilities. [ABSTRACT FROM AUTHOR] |
| Copyright of Journal of Supercomputing is the property of Springer Nature and its content may not be copied or emailed to multiple sites without the copyright holder's express written permission. Additionally, content may not be used with any artificial intelligence tools or machine learning technologies. However, users may print, download, or email articles for individual use. This abstract may be abridged. No warranty is given about the accuracy of the copy. Users should refer to the original published version of the material for the full abstract. (Copyright applies to all Abstracts.) | |
| Database: | Engineering Source |
|
Full text is not displayed to guests.
Login for full access.
|
|
| FullText | Links: – Type: pdflink Text: Availability: 1 |
|---|---|
| Header | DbId: egs DbLabel: Engineering Source An: 133270229 AccessLevel: 6 PubType: Academic Journal PubTypeId: academicJournal PreciseRelevancyScore: 0 |
| IllustrationInfo | |
| Items | – Name: Title Label: Title Group: Ti Data: Enlargement of vulnerable web applications for testing. – Name: Author Label: Authors Group: Au Data: <searchLink fieldCode="AR" term="%22Román+Muñoz%2C+Fernando%22">Román Muñoz, Fernando</searchLink><relatesTo>1</relatesTo><br /><searchLink fieldCode="AR" term="%22Sabido+Cortes%2C+Iván+Israel%22">Sabido Cortes, Iván Israel</searchLink><relatesTo>1</relatesTo><br /><searchLink fieldCode="AR" term="%22García+Villalba%2C+Luis+Javier%22">García Villalba, Luis Javier</searchLink><relatesTo>1</relatesTo> – Name: TitleSource Label: Source Group: Src Data: <searchLink fieldCode="JN" term="%22Journal+of+Supercomputing%22">Journal of Supercomputing</searchLink>. Dec2018, Vol. 74 Issue 12, p6598-6617. 20p. – Name: Subject Label: Subjects Group: Su Data: <searchLink fieldCode="DE" term="%22Web-based+user+interfaces%22">Web-based user interfaces</searchLink><br /><searchLink fieldCode="DE" term="%22Computer+security+testing%22">Computer security testing</searchLink><br /><searchLink fieldCode="DE" term="%22Computer+security+vulnerabilities%22">Computer security vulnerabilities</searchLink><br /><searchLink fieldCode="DE" term="%22Scanning+systems%22">Scanning systems</searchLink><br /><searchLink fieldCode="DE" term="%22Application+software+security+measures%22">Application software security measures</searchLink> – Name: Abstract Label: Abstract Group: Ab Data: There are two main kinds of vulnerable web applications, usual applications developed with a specific aim and applications which are vulnerable by design. On one hand, the usual applications are those that are used everywhere and on a daily basis, and where vulnerabilities are detected, and often mended, such as online banking systems, newspaper sites, or any other Web site. On the other hand, vulnerable by design web applications are developed for proper evaluation of web vulnerability scanners and for training in detecting web vulnerabilities. The main drawback of vulnerable by design web applications is that they used to include just a short set of well-known types of vulnerabilities, usually from famous classifications like the OWASP Top Ten. They do not include most of the types of web vulnerabilities. In this paper, an analysis and assessment of vulnerable web applications is conducted in order to select the applications that include the larger set of types of vulnerabilities. Then those applications are enlarged with more types of web vulnerabilities that vulnerable web applications do not include. Lastly, the new vulnerable web applications have been analyzed to check whether web vulnerability scanners are able to detect the new added vulnerabilities, those vulnerabilities that vulnerable by design web applications do not include. The results show that the tools are not very successful in detecting those vulnerabilities, less than well-known vulnerabilities. [ABSTRACT FROM AUTHOR] – Name: AbstractSuppliedCopyright Label: Group: Ab Data: <i>Copyright of Journal of Supercomputing is the property of Springer Nature and its content may not be copied or emailed to multiple sites without the copyright holder's express written permission. Additionally, content may not be used with any artificial intelligence tools or machine learning technologies. However, users may print, download, or email articles for individual use. This abstract may be abridged. No warranty is given about the accuracy of the copy. Users should refer to the original published version of the material for the full abstract.</i> (Copyright applies to all Abstracts.) |
| PLink | https://search.ebscohost.com/login.aspx?direct=true&site=eds-live&db=egs&AN=133270229 |
| RecordInfo | BibRecord: BibEntity: Identifiers: – Type: doi Value: 10.1007/s11227-017-1981-2 Languages: – Code: eng Text: English PhysicalDescription: Pagination: PageCount: 20 StartPage: 6598 Subjects: – SubjectFull: Web-based user interfaces Type: general – SubjectFull: Computer security testing Type: general – SubjectFull: Computer security vulnerabilities Type: general – SubjectFull: Scanning systems Type: general – SubjectFull: Application software security measures Type: general Titles: – TitleFull: Enlargement of vulnerable web applications for testing. Type: main BibRelationships: HasContributorRelationships: – PersonEntity: Name: NameFull: Román Muñoz, Fernando – PersonEntity: Name: NameFull: Sabido Cortes, Iván Israel – PersonEntity: Name: NameFull: García Villalba, Luis Javier IsPartOfRelationships: – BibEntity: Dates: – D: 01 M: 12 Text: Dec2018 Type: published Y: 2018 Identifiers: – Type: issn-print Value: 09208542 Numbering: – Type: volume Value: 74 – Type: issue Value: 12 Titles: – TitleFull: Journal of Supercomputing Type: main |
| ResultId | 1 |