Web Security: a black-box analysis of vulnerability scanners

  • Isadora Ferrão UNIPAMPA
  • Diego Kreutz UNIPAMPA

Abstract


Vulnerability scanners are essential tools for monitoring imminent security risks in Web systems. Unlike the existing literature, this paper presents a detailed black-box analysis of a significant set of free vulnerability scanners. The results make it possible to identify the main differences between existing scanners, contributing to a better selection of these important tools when performing vulnerability scans on Web systems.

Published
2017-10-18
FERRÃO, Isadora; KREUTZ, Diego. Segurança na Web: análise black-box de scanners de vulnerabilidades. In: REGIONAL SCHOOL OF SOFTWARE ENGINEERING (ERES), 1., 2017, Alegrete. Anais [...]. Porto Alegre: Sociedade Brasileira de Computação, 2017. p. 137-144.