Collaborative Computing: Networking, Applications and Worksharing. 13th International Conference, CollaborateCom 2017, Edinburgh, UK, December 11–13, 2017, Proceedings

Research Article

An Efficient Black-Box Vulnerability Scanning Method for Web Application

  • @INPROCEEDINGS{10.1007/978-3-030-00916-8_42,
        author={Haoxia Jin and Ming Xu and Xue Yang and Ting Wu and Ning Zheng and Tao Yang},
        title={An Efficient Black-Box Vulnerability Scanning Method for Web Application},
        proceedings={Collaborative Computing: Networking, Applications and Worksharing. 13th International Conference, CollaborateCom 2017, Edinburgh, UK, December 11--13, 2017, Proceedings},
        proceedings_a={COLLABORATECOM},
        year={2018},
        month={10},
        keywords={Web application Black-box vulnerability scanner},
        doi={10.1007/978-3-030-00916-8_42}
    }
    
  • Haoxia Jin, Ming Xu, Xue Yang, Ting Wu, Ning Zheng, Tao Yang (2018). An Efficient Black-Box Vulnerability Scanning Method for Web Application. COLLABORATECOM. Springer. DOI: 10.1007/978-3-030-00916-8_42
Haoxia Jin1,*, Ming Xu1,*, Xue Yang1,*, Ting Wu1,*, Ning Zheng1,*, Tao Yang2,*
  • 1: Hangzhou Dianzi University
  • 2: Key Lab of the Third Research Institute of the Ministry of Public Security
*Contact email: 151050013@hdu.edu.cn, mxu@hdu.edu.cn, 153050004@hdu.edu.cn, wuting@hdu.edu.cn, nzheng@hdu.edu.cn, yangtao@stars.org.cn

Abstract

To discover web vulnerabilities before malicious attackers exploit them, black-box vulnerability scanners scan all the web pages of a web application. However, a web application implemented by several server-side programs with a backend database can generate a massive number of web pages, and scanning them all may take an unaffordable amount of time. The root cause of vulnerabilities is the incorrectly implemented server-side program, not any particular web page generated by that program. In this paper, an efficient black-box web vulnerability scanning method – handler-ready – is proposed, which focuses scanning on the server-side programs – handlers – rather than on concrete web pages. Handler-ready reduces the HTTP requests of massive web pages to a small number of handlers, and gives the handlers an even chance of being scanned. Handler-ready can therefore avoid getting stuck on massive numbers of web pages generated by the same handler when scanning. The experimental results show that the proposed scanning method can discover more vulnerabilities than traditional methods in a limited amount of time.
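The scheduling idea in the abstract, sketched as an added example; it is not the authors' implementation. It assumes that requests sharing an HTTP method, a path (numeric segments collapsed) and a set of parameter names are served by the same server-side program. The names `handler_key`, `group_by_handler`, `schedule` and the host `shop.example` are hypothetical.

```python
import re
from collections import OrderedDict, deque
from urllib.parse import urlsplit, parse_qsl

def handler_key(method, url):
    """Assumed heuristic: identify the server-side program behind a request."""
    parts = urlsplit(url)
    # Collapse numeric path segments so /post/12/comments and /post/98/comments match.
    path = re.sub(r"/\d+(?=/|$)", "/{n}", parts.path or "/")
    # Parameter names (not values) distinguish code paths within one script.
    names = tuple(sorted({k for k, _ in parse_qsl(parts.query, keep_blank_values=True)}))
    return (method.upper(), path, names)

def group_by_handler(requests):
    """Map each handler key to a queue of the crawled requests it would serve."""
    groups = OrderedDict()
    for method, url in requests:
        groups.setdefault(handler_key(method, url), deque()).append((method, url))
    return groups

def schedule(requests, budget):
    """Round-robin over handlers so each gets an even share of a limited request budget."""
    groups = group_by_handler(requests)
    plan = []
    while groups and len(plan) < budget:
        for key in list(groups):
            if len(plan) >= budget:
                break
            plan.append(groups[key].popleft())
            if not groups[key]:
                del groups[key]  # handler has no more pages to offer
    return plan

# Constructed crawl output: one handler produces 500 pages, four others only a few.
CRAWLED = [("GET", f"http://shop.example/item.php?id={i}") for i in range(1, 501)] + [
    ("GET", "http://shop.example/search.php?q=shoes"),
    ("POST", "http://shop.example/login.php"),
    ("GET", "http://shop.example/item.php?id=7&review=1"),
    ("GET", "http://shop.example/post/12/comments"),
    ("GET", "http://shop.example/post/98/comments"),
]

def handlers_covered(requests):
    """Count the distinct handlers a list of requests would exercise."""
    return len({handler_key(m, u) for m, u in requests})

if __name__ == "__main__":
    print("page order, 8 requests:", handlers_covered(CRAWLED[:8]), "handler(s)")
    print("handler order, 8 requests:", handlers_covered(schedule(CRAWLED, 8)), "handler(s)")
```

With a budget of eight requests, scanning in crawl order never leaves `item.php`, while the handler-ordered plan reaches every handler in the constructed crawl.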