DocumentCode
3331534
Title
Web Application Scanners: Definitions and Functions
Author
Fong, Elizabeth ; Okun, Vadim
Author_Institution
Inf. Technol. Lab., Nat. Inst. of Stand. & Technol., Gaithersburg, MD
fYear
2007
fDate
Jan. 2007
Abstract
There are many commercial software security assurance tools that claim to detect and prevent vulnerabilities in application software. However, a closer look at the tools often leaves one wondering which tools find what vulnerabilities. This paper identifies a taxonomy of software security assurance tools and defines one type of tool: Web application scanner, i.e., an automated program that examines Web applications for security vulnerabilities. We describe the types of functions that are generally found in a Web application scanner and how to test it.
Keywords
Internet; security of data; Web application scanner; commercial software security assurance tool; software vulnerability; Application software; Buffer overflow; Information security; Information technology; Laboratories; NIST; National security; Software measurement; Software tools; Testing; Software assurance; software security; software security assurance tool; vulnerability; web application
fLanguage
English
Publisher
IEEE
Conference_Titel
System Sciences, 2007. HICSS 2007. 40th Annual Hawaii International Conference on
Conference_Location
Waikoloa, HI
ISSN
1530-1605
Electronic_ISBN
1530-1605
Type
conf
DOI
10.1109/HICSS.2007.611
Filename
4076950