Why Johnny Can't Pentest: An Analysis of Black-Box Web Vulnerability Scanners

Date Added: Aug 2010
Format: PDF

Black-box web vulnerability scanners are a class of tools that can be used to identify security issues in web applications. They are often marketed as "point-and-click pentesting" tools that automatically evaluate the security of web applications with little or no human support. Because they access a web application in the same way users do, they have the advantage of being independent of the particular technology used to implement the application. However, to be effective they need to be able to reach and test the application's various components, which are often hidden behind forms, JavaScript-generated links, and Flash applications.