SecuBat: A web vulnerability scanner

Proceedings of the 15th International Conference on World Wide Web

Volumn , Issue , 2006, Pages 247-256

  Kals, Stefan ^a   Kirda, Engin ^a   Kruegel, Christopher ^a   Jovanovic, Nenad ^a  

^a VIENNA UNIVERSITY OF TECHNOLOGY   (Austria)

Author keywords

Automated vulnerability detection; Crawling; Cross site scripting; Scanner; Security; SQL injection; XSS

Indexed keywords

AUTOMATED VULNERABILITY DETECTION; CRAWLING; CROSS-SITE SCRIPTING (XSS); SCANNERS; SQL INJECTION; WEB APPLICATIONS; CROSS-SITE SCRIPTING; SCANNER; SECURITY; XSS;

NETWORK SECURITY; QUERY LANGUAGES; SCANNING; SOFTWARE ENGINEERING; INTERNET; WEBSITES;

WORLD WIDE WEB; SECURITY OF DATA;

EID: 34250673645     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1145/1135777.1135817     Document Type: Conference Paper

References (24)

1. Abdulkader A. Alfantookh. An automated universal server level solution for SQL injection security flaw. International Conference, on Electrical, Electronic and Computer Engineering, pages 131-135, September 2004.
2. CERT. Advisory CA-2000-02: malicious HTML tags embedded in client web requests. http://www.cert.org/advisories/CA-2000-02.html, 2000.
3. W3C World Wide Web Consortium. HTTP Hypertext Transfer Protocol. http://www.w3.org/Protocols/, 2000.
4. Microsoft Corporation. Architecture and Design Review for Security. http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnnets%ec/html/ THCMCh05.asp, 2005.
5. Microsoft Corporation. ISAPI Server Extensions and Filters. http://msdn.microsoft.com/library/default.asp?url=/library/en-us/vccore%98/ HTML/_core_isapi_server_extensions_and_fliters.asp, 2005.
6. Microsoft Corporation. Microsoft .NET Framework Development Center. http://msdn.microsoft.com/netframework/, 2005.
7. Microsoft Corporation. System.Reflection Namespace. http://msdn. microsoft.com/library/default.asp?url=/library/en-us/cpref/%html/ frlrfsystemreflection.asp, 2005.
8. David Cruwys. C Sharp/VB - Automated WebSpider / WebRobot. http://www.codeproject.com/csharp/DavWebSpider.asp, March 2004.
9. David Endler. The Evolution of Cross Site Scripting Attacks. Technical report, iDEFENSE Labs, 2002.
10. Carlo Ghezzi, Mehdi Jazayeri, and Dino Mandrioli. Fundamentals of Software Engineering. Prentice-Hall International, 1994.
11. Yao-Wen Huang, Fang Yu and Christian Hang, Chung-Hung Tsai, Der-Tsai Lee, and Sy-Yen Kuo. Securing web application code by static analysis and runtime protection. In 13th ACM International World Wide Web Conference, 2004.
12. Yao-Wen Huang, Shih-Kun Huang, and Tsung-Po Lin. Web Application Security Assessment by Fault Injection and Behavior Monitoring. 12th ACM International World Wide Web Conference, May 2003.
13. Insecure.org. NMap Network Scanner. http://www.insecure.org/nmap/, 2005.
14. Rachael Lininger and Russell D. Vines. Phishing. Wiley Publishing Inc., May 2005.
15. Acunetix Ltd. Acunetix Web Vulnerability Scanner. http://www.acunetix. com/, 2005.
16. Ken Moody and Marco Palomino. SharpSpider: Spidering the Web through Web Services. First Latin American Web Congress (LA-WEB 2003), 2003.
17. Information Technology Industry Council NCITS. SQL-92 standard, http://www.ncits.org/, 1992.
18. Nikto. Web Server Scanner. http://www.cirt.net/code/nikto.shtml, 2005.
19. RSnake. XSS cheatsheet. http://sec.drorshalev.com/dev/xss/xssTricks.htm.
20. David Scott and Richard Sharp. Abstracting application-level Web security, 11th ACM International World Wide Web Conference, Hawaii, USA, 2002.
21. SelfHtml. JavaScript Tutorial. http://www.selfhtml.de, 2005.
22. Tenable Network SecurityTM. Nessus Open Source Vulnerability Scanner Project. http://www.nessus.org/, 2005.
23. Paolo Tonella, and Filippo Ricca. A 2-Layer Model for the White-Box Testing of Web Applications. In IEEE International Workshop on Web Site Evolution (WSE), 2004.
24. Xprobe. Xprobe: active os fingerprinting tool. http://xprobe.sourceforge. net/, 2005.