The approaches to quantify web application security scanners quality: a review
Journal: International Journal of Advanced Computer Research (IJACR), Vol. 8, No. 38
Publication Date: 2018-09-27
Authors: Lim Kah Seng; Norafida Ithnin; Syed Zainudeen Mohd Said
Pages: 285-312
Abstract
A web application security scanner is a computer program that assesses web application security using penetration testing techniques. The benefit of automated web application penetration testing is considerable: a web application security scanner not only reduces the time, cost, and resources required for web application penetration testing but also removes the test engineer's reliance on human knowledge. Nevertheless, web application security scanners suffer from low test coverage and generate inaccurate test results. Consequently, experiments are frequently conducted to quantitatively measure a web application security scanner's quality and so investigate its strengths and limitations. However, neither a standard methodology nor a standard criterion is available for quantifying a web application security scanner's quality. Hence, this paper conducts a systematic review that analyses the methodologies and criteria used for quantifying web application security scanners' quality. In this survey, the experimental methodologies and criteria that have been used to quantify web application security scanner quality are classified and reviewed using the Preferred Reporting Items for Systematic Reviews and Meta-Analyses (PRISMA) protocol. The objectives are to give practitioners an understanding of the methodologies and criteria available for measuring web application security scanners' test coverage, attack coverage, and vulnerability detection rate, while providing critical hints for the development of the next testing framework, model, methodology, or criteria for measuring web application security scanner quality.
Last modified: 2018-10-18 23:54:34