Universiti Teknologi Malaysia Institutional Repository

The approaches to quantify web application security scanners quality: A review

Lim, Kah Seng and Ithnin, Norafida and Mohd. Said, Syed Zainudeen (2018) The approaches to quantify web application security scanners quality: A review. International Journal of Advanced Computer Research, 8 (38). pp. 285-312. ISSN 2249-7277

[img]
Preview
PDF
817kB

Official URL: http://dx.doi.org/10.19101/IJACR.2018.838012

Abstract

The web application security scanner is a computer program that assessed web application security with penetration testing technique. The benefit of automated web application penetration testing is huge, which web application security scanner not only reduced the time, cost, and resource required for web application penetration testing but also eliminate test engineer reliance on human knowledge. Nevertheless, web application security scanners are possessing weaknesses of low test coverage, and the scanners are generating inaccurate test results. Consequently, experimentations are frequently held to quantitatively quantify web application security scanner's quality to investigate the web application security scanner's strengths and limitations. However, there is a discovery that neither a standard methodology nor criterion is available for quantifying the web application security scanner's quality. Hence, in this paper systematic review is conducted and analysed the methodology and criterion used for quantifying web application security scanners' quality. In this survey, the experiment methodologies and criterions that had been used to quantify web application security scanner's quality is classified and review using the preferred reporting items for systematic reviews and meta-analyses (PRISMA) protocol. The objectives are to provide practitioners with the understanding of methodologies and criterions that available for measuring web application security scanners' test coverage, attack coverage, and vulnerability detection rate, while provides the critical hint for development of the next testing framework, model, methodology, or criterions, to measure web application security scanner quality.

Item Type:Article
Uncontrolled Keywords:Penetration testing, PRISMA, quality criteria, web application security scanner
Subjects:Q Science > QA Mathematics > QA75 Electronic computers. Computer science
Divisions:Computing
ID Code:86306
Deposited By: Yanti Mohd Shah
Deposited On:31 Aug 2020 13:57
Last Modified:31 Aug 2020 13:57

Repository Staff Only: item control page