State of the Art: Automated Black-Box Web Application Vulnerability Testing
Source: Stanford University
Black-box web application vulnerability scanners are automated tools that probe web applications for security vulnerabilities. To assess the current state of the art, the authors obtained access to eight leading tools and studied three things: the class of vulnerabilities tested by these scanners, their effectiveness against target vulnerabilities, and the relevance of the target vulnerabilities to vulnerabilities found in the wild. The study used two kinds of test targets: a custom web application containing known and projected vulnerabilities, and previous versions of widely used web applications containing known vulnerabilities.