Evaluation of web vulnerability scanners based on OWASP benchmark

Balume Mburano, Weisheng Si

Research output: Chapter in Book / Conference Paper › Conference Paper › peer-review

37 Citations (Scopus)

Abstract

The widespread adoption of web vulnerability scanners and their differences in effectiveness make it necessary to benchmark these scanners. Moreover, the literature lacks the comparison of the results of scanner effectiveness from different benchmarks. In this paper, we first compare the performances of some open source web vulnerability scanners of our careful choice by running them against the OWASP benchmark, which is developed by the Open Web Application Security Project (OWASP), a well-known non-profit web security organization. Furthermore, we compare our results from the OWASP benchmark with the existing results from the Web Application Vulnerability Security Evaluation Project (WAVSEP) benchmark, another popular benchmark used to evaluate scanner effectiveness. We are the first to make a comparison between these two benchmarks in the literature. Our evaluation results allow us to make some valuable recommendations for the practice of benchmarking web scanners.

Original language: English
Title of host publication: Proceedings of the 26th International Conference on Systems Engineering (ICSEng 2018), December 18-20, 2018, University of Technology Sydney, Australia
Publisher: IEEE
Number of pages: 6
ISBN (Print): 9781538678343
Publication status: Published - 2018
Event: International Conference on Systems Engineering
Duration: 18 Dec 2018 → …

Conference

Conference: International Conference on Systems Engineering
Period: 18/12/18 → …

Keywords

  • World Wide Web
  • computer security
  • security measures
  • web applications
