Automated Black-Box Web Application Vulnerability Testing

Date Added: Sep 2011
Format: PDF

Black-box web application vulnerability scanners are automated tools that probe web applications for security vulnerabilities. To assess the current state of the art, the authors obtained access to eight leading tools and carried out a study of the class of vulnerabilities tested by these scanners, their effectiveness against target vulnerabilities, and the relevance of the target vulnerabilities to vulnerabilities found in the wild. Their results show the promise and effectiveness of automated tools as a group, and also some limitations.