The approaches to quantify web application security scanners quality: A review
The web application security scanner is a computer program that assessed web application security with penetration testing technique. The benefit of automated web application penetration testing is huge, which web application security scanner not only reduced the time, cost, and resource required fo...
Saved in:
| Main Authors: | , , |
|---|---|
| Format: | Article |
| Language: | English |
| Published: |
Accent Social and Welfare Society
2018
|
| Subjects: | |
| Online Access: | http://eprints.utm.my/id/eprint/86306/1/LimKahSeng2018_TheApproachestoQuantifyWebApplicationSecurity.pdf http://eprints.utm.my/id/eprint/86306/ http://dx.doi.org/10.19101/IJACR.2018.838012 |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| id |
my.utm.86306 |
|---|---|
| record_format |
eprints |
| spelling |
my.utm.863062020-08-31T13:57:37Z http://eprints.utm.my/id/eprint/86306/ The approaches to quantify web application security scanners quality: A review Lim, Kah Seng Ithnin, Norafida Mohd. Said, Syed Zainudeen QA75 Electronic computers. Computer science The web application security scanner is a computer program that assessed web application security with penetration testing technique. The benefit of automated web application penetration testing is huge, which web application security scanner not only reduced the time, cost, and resource required for web application penetration testing but also eliminate test engineer reliance on human knowledge. Nevertheless, web application security scanners are possessing weaknesses of low test coverage, and the scanners are generating inaccurate test results. Consequently, experimentations are frequently held to quantitatively quantify web application security scanner's quality to investigate the web application security scanner's strengths and limitations. However, there is a discovery that neither a standard methodology nor criterion is available for quantifying the web application security scanner's quality. Hence, in this paper systematic review is conducted and analysed the methodology and criterion used for quantifying web application security scanners' quality. In this survey, the experiment methodologies and criterions that had been used to quantify web application security scanner's quality is classified and review using the preferred reporting items for systematic reviews and meta-analyses (PRISMA) protocol. The objectives are to provide practitioners with the understanding of methodologies and criterions that available for measuring web application security scanners' test coverage, attack coverage, and vulnerability detection rate, while provides the critical hint for development of the next testing framework, model, methodology, or criterions, to measure web application security scanner quality. Accent Social and Welfare Society 2018-09-01 Article PeerReviewed application/pdf en http://eprints.utm.my/id/eprint/86306/1/LimKahSeng2018_TheApproachestoQuantifyWebApplicationSecurity.pdf Lim, Kah Seng and Ithnin, Norafida and Mohd. Said, Syed Zainudeen (2018) The approaches to quantify web application security scanners quality: A review. International Journal of Advanced Computer Research, 8 (38). pp. 285-312. ISSN 2249-7277 http://dx.doi.org/10.19101/IJACR.2018.838012 DOI:10.19101/IJACR.2018.838012 |
| institution |
Universiti Teknologi Malaysia |
| building |
UTM Library |
| collection |
Institutional Repository |
| continent |
Asia |
| country |
Malaysia |
| content_provider |
Universiti Teknologi Malaysia |
| content_source |
UTM Institutional Repository |
| url_provider |
http://eprints.utm.my/ |
| language |
English |
| topic |
QA75 Electronic computers. Computer science |
| spellingShingle |
QA75 Electronic computers. Computer science Lim, Kah Seng Ithnin, Norafida Mohd. Said, Syed Zainudeen The approaches to quantify web application security scanners quality: A review |
| description |
The web application security scanner is a computer program that assessed web application security with penetration testing technique. The benefit of automated web application penetration testing is huge, which web application security scanner not only reduced the time, cost, and resource required for web application penetration testing but also eliminate test engineer reliance on human knowledge. Nevertheless, web application security scanners are possessing weaknesses of low test coverage, and the scanners are generating inaccurate test results. Consequently, experimentations are frequently held to quantitatively quantify web application security scanner's quality to investigate the web application security scanner's strengths and limitations. However, there is a discovery that neither a standard methodology nor criterion is available for quantifying the web application security scanner's quality. Hence, in this paper systematic review is conducted and analysed the methodology and criterion used for quantifying web application security scanners' quality. In this survey, the experiment methodologies and criterions that had been used to quantify web application security scanner's quality is classified and review using the preferred reporting items for systematic reviews and meta-analyses (PRISMA) protocol. The objectives are to provide practitioners with the understanding of methodologies and criterions that available for measuring web application security scanners' test coverage, attack coverage, and vulnerability detection rate, while provides the critical hint for development of the next testing framework, model, methodology, or criterions, to measure web application security scanner quality. |
| format |
Article |
| author |
Lim, Kah Seng Ithnin, Norafida Mohd. Said, Syed Zainudeen |
| author_facet |
Lim, Kah Seng Ithnin, Norafida Mohd. Said, Syed Zainudeen |
| author_sort |
Lim, Kah Seng |
| title |
The approaches to quantify web application security scanners quality: A review |
| title_short |
The approaches to quantify web application security scanners quality: A review |
| title_full |
The approaches to quantify web application security scanners quality: A review |
| title_fullStr |
The approaches to quantify web application security scanners quality: A review |
| title_full_unstemmed |
The approaches to quantify web application security scanners quality: A review |
| title_sort |
approaches to quantify web application security scanners quality: a review |
| publisher |
Accent Social and Welfare Society |
| publishDate |
2018 |
| url |
http://eprints.utm.my/id/eprint/86306/1/LimKahSeng2018_TheApproachestoQuantifyWebApplicationSecurity.pdf http://eprints.utm.my/id/eprint/86306/ http://dx.doi.org/10.19101/IJACR.2018.838012 |
| _version_ |
1677781159105265664 |
| score |
13.226497 |