Why Johnny Can’t Pentest: An Analysis of Black-Box Web Vulnerability Scanners

This paper presents an evaluation of eleven black-box web vulnerability scanners, both commercial and open-source.

Adam Doupé

2010

Scholarcy highlights

  • Web application vulnerabilities, such as cross-site scripting and SQL injection, are one of the most pressing security problems on the Internet today
  • A common approach to the security testing of web applications consists of using black-box web vulnerability scanners
  • These are tools that crawl a web application to enumerate all the reachable pages and the associated input vectors, generate specially-crafted input values that are submitted to the application, and observe the application’s behavior to determine if a vulnerability has been triggered
  • We analyze in detail why the web application vulnerability scanners succeed or fail and we identify areas that need further research
  • In addition to being critically important to the WackoPicko benchmark, being able to create an account is an important skill for a scanner to have when analyzing any web site, especially if that scanner wishes to be a point-and-click web application vulnerability scanner
  • We have found areas that require further research so that web application vulnerability scanners can improve their detection of vulnerabilities
  • Improved reverse engineering is necessary to keep track of the state of the application, which can enable automated detection of complex vulnerabilities
