Localization for Vulnerability Scanner

Lai, Kun-Ye

15 July 2004

With the popularization of Internet, and the vulnerabilities found continuously, network hosts meet more and more risks of being attacked. If we don¡¦t secure them well, they will become the targets of the hackers. In addition to the protection of firewalls, vulnerability scanners can also help us to find out the weekness of our network hosts. Nessus is an open source freeware which has the capability of vulnerability assessment. Nessus has very powerful scanning ability and is very easy to use. Nessus provides detailed result reports from the messages in the plugins. However, like many other freeware and software, Nessus is an English software. For this reason, Nessus provides English result reports. For those who do not use English as their first language, it costs a lot of time to read a lot of English result reports. In this research, we develop a localizational system of the Nessus scanner and provide the result reports in users¡¦ local language. We develop an automatic mechanism to extract the messages and infomations in the plugins, and put them into the vulnerability databases. We also develop two subsystems, one of them makes translators translates the message in the vulnerability database into their local language, and the other replaces the English result with those translated messages. This research proposes the design above and actually implements a localizational system of the Nessus scanner. It attempts to reduce the time and labor consumption while translating, automate the update process of vulnerability database, and avoid the modification of source code as possible.

Localization

Vulnerability Scanner

Vulnerability Database

Network Security

Code Automation for Vulnerability Scanner

Wu, Ching-Chang

06 July 2003

With enormous vulnerability discovered and Internet prevailing in the word, users confront with the more dangerous environment. As a result, the users have to understand the system risk necessarily. The vulnerability scanner provides the functionality that could check if the system is vulnerable. Nessus is a vulnerability scanner. It provides the customization capability that users could defined the security check. It develops a attack language called NASL. By use of NASL, users could write the security check by themselves. But before writing the security check, the users must know the architecture of Nessus and study how to write the security check by NASL. Different vulnerabilities have different the detection approach and communications method. If users don't know about above knowledge, they couldn¡¦t write the security check. In this research, we develop a automatic mechanism of generating code for the Nessus scanner and produce a security check. And we also provide two approaches to produce the security check. The one is the modularization. It takes part of function codes into a module, and combines the modules into a security check. The other one is package. The users can't involve the attack code and just only fill in some of parameters to produce the security check. This research proposes the design above and actually implements a system to generate attack codes. It attempts to decrease the needs of knowledge to users about security check, reduce the error rates by human typos, and enhance the efficiency and correctness for writing the security check

Vulnerability Scanner

Code Automation

Attack Language

Network Security

Integrating Automated Security Testing in the Agile Development Process : Earlier Vulnerability Detection in an Environment with High Security Demands / Integrering av automatiserad säkerhetstestning i den agila utvecklingsprocessen : Upptäck sårbarheter tidigare i en miljö med höga säkerhetskrav

Broström, Andreas

January 2015

The number of vulnerabilities discovered in software has been growing fast the last few years. At the same time the Agile method has quickly become one of the most popular methods for software development. However, it contains no mention of security, and since security is not traditionally agile it is hard to develop secure software using the Agile method. To make software secure, security testing must be included in the development process. The aim of this thesis is to investigate how and where security can be integrated in the Agile development process when developing web applications. In the thesis some possible approaches for this are presented, one of which is to use a web application security scanner. The crawling and detection abilities of four scanners are compared, on scanner evaluation applications and on applications made by Nordnet.An example implementation of one of those scanners is made in the testing phase of the development process. Finally, a guide is created that explains how to use the implementation. I reach the conclusion that it is possible to integrate security in the Agile development process by using a web application security scanner during testing. This approach requires a minimal effort to set up, is highly automated and it makes the Agile development process secure and more effective. / Antalet upptäckta sårbarheter i mjukvara har ökat fort under de senaste åren. Den agila metoden har samtidigt blivit en av de mest populära metoderna för mjukvaruutveckling. Den berör dock inte säkerhet, och eftersom säkerhet, traditionellt sett, inte är agilt så blir det svårt att utveckla säker mjukvara med den agila metoden. För att kunna göra mjukvaran säker så måste säkerhetstestning infogas i utvecklingsfasen. Syftet med det här arbetet är att undersöka hur och var säkerhet kan integreras i den agila utvecklingsprocessen vid utveckling av webbapplikationer. Några sätt att göra detta på beskrivs i arbetet, varav ett är att använda ett verktyg för säkerhetstestning. En jämförelse av hur bra fyra sådana verktyg är på att genomsöka och hitta sårbarheter utförs på applikationer designade för att utvärdera verktyg för säkerhetstestning, samt hos Nordnets egna applikationer. Sedan beskrivs en exempelimplementation av ett av dessa verktyg i testfasen av utvecklingsprocessen. Slutligen, tas en guide fram som beskriver hur implementationen kan användas. Jag kommer fram till att det är möjligt att inkludera säkerhet i den agila utvecklingsprocessen genom att använda ett verktyg för säkerhetstestning i testfasen av utvecklingsprocessen. Detta tillvägagångssätt innebär en minimal ansträngning att införa, är automatiserat i hög grad och det gör den agila utvecklingsprocessen säker och mer effektiv.

agile

security

testing

vulnerability scanner

detection

Computer Sciences

Datavetenskap (datalogi)

Mantis The Black-Box Scanner : Finding XSS vulnerabilities through parse errors

Liljebjörn, Johan, Broman, Hugo

January 2020

Abstract [en] Background. Penetration testing is a good technique for finding web vulnerabilities. Vulnerability scanners are often used to aid with security testing. The increased scope is becoming more difficult for scanners to handle in a reasonable amount of time. The problem with vulnerability scanners is that they rely on fuzzing to find vulnerabilities. A problem with fuzzing is that: it generates a lot of network traffic; scans can be excruciatingly slow; limited vulnerability detection if the output string is modified due to filtering or sanitization. Objectives. This thesis aims to investigate if an XSS vulnerability scanner can be made more scalable than the current state-of-the-art. The idea is to examine how reflected parameters can be detected, and if a different methodology can be applied to improve the detection of XSS vulnerabilities. The proposed vulnerability scanner is named Mantis. Methods. The research methods used in this thesis are literature review and experiment. In the literature review, we collected information about the investigated problem to help us analyze the identified research gaps. The experiment evaluated the proposed vulnerability scanner with the current state-of-the-art using the dataset, OWASP benchmark. Results. The result shows that reflected parameters can be reliably detected using approximate string matching. Using the parameter mapping, it was possible to detect reflected XSS vulnerabilities to a great extent. Mantis had an average scan time of 78 seconds, OWASP ZAP 95 seconds and Arachni 17 minutes. The dataset had a total of 246 XSS vulnerabilities. Mantis detected the most at 213 vulnerabilities, Arachni detected 183, and OWASP ZAP 137. None of the scanners had any false positives. Conclusions. Mantis has proven to be an efficient vulnerability scanner for detecting XSS vulnerabilities. Focusing on the set of characters that may lead to the exploitation of XSS has proven to be a great alternative to fuzzing. More testing of Mantis is needed to determine the usability of the vulnerability scanner in a real-world scenario. We believe the scanner has the potential to be a great asset for penetration testers in their work.

XSS

Reflected parameter

Vulnerability scanner

Scalability

Computer Sciences

Datavetenskap (datalogi)

Next Generation Black-Box Web Application Vulnerability Analysis Framework

January 2017

abstract: Web applications are an incredibly important aspect of our modern lives. Organizations and developers use automated vulnerability analysis tools, also known as scanners, to automatically find vulnerabilities in their web applications during development. Scanners have traditionally fallen into two types of approaches: black-box and white-box. In the black-box approaches, the scanner does not have access to the source code of the web application whereas a white-box approach has access to the source code. Today’s state-of-the-art black-box vulnerability scanners employ various methods to fuzz and detect vulnerabilities in a web application. However, these scanners attempt to fuzz the web application with a number of known payloads and to try to trigger a vulnerability. This technique is simple but does not understand the web application that it is testing. This thesis, presents a new approach to vulnerability analysis. The vulnerability analysis module presented uses a novel approach of Inductive Reverse Engineering (IRE) to understand and model the web application. IRE first attempts to understand the behavior of the web application by giving certain number of input/output pairs to the web application. Then, the IRE module hypothesizes a set of programs (in a limited language specific to web applications, called AWL) that satisfy the input/output pairs. These hypotheses takes the form of a directed acyclic graph (DAG). AWL vulnerability analysis module can then attempt to detect vulnerabilities in this DAG. Further, it generates the payload based on the DAG, and therefore this payload will be a precise payload to trigger the potential vulnerability (based on our understanding of the program). It then tests this potential vulnerability using the generated payload on the actual web application, and creates a verification procedure to see if the potential vulnerability is actually vulnerable, based on the web application’s response. / Dissertation/Thesis / Masters Thesis Computer Science 2017

Computer science

Black-Box

Cross Site Scripting

Inductive Reverse Engineering

Static Program Analysis

Vulnerability Scanner

XSS

Optimization of the Security Incident Management plan of NNIT A/s via the Integration of the Vulnerability Reports Creator

Vignoli, Benedetto Gabriele

January 2016

Modern IT companies manage security of their customers'networks following particular models, processes and procedures. In this thesis are presented the most important and widespread guidelines on Security Incident Response Plans as well as the implementation of a software for an IT danish company called NNIT. In particular, this software aims to improve NNIT's Security Incident Management Process generating automatic reports of vulnerabilities found in NNIT clients networks. Enhancing this process reducing its execution time is directly translated into a proactive response where vulnerabilities are tackled and patched before an attacker could exploit them. The software developed and described in this thesis is called VRC and thanks to a particular algorithm analyzes the database of vulnerabilities found by the vulnerability scanner and produces customizable reports. In the reports, the list of vulnerabilities is ordered by severity and number of machines a ected in order to present the most urgent vulnerabilities that should be xed. Finally, an evaluation of the VRC performance and usefulness is also included.

Elektroteknik och elektronik

Study of the techniques used by OWASP ZAP for analysis of vulnerabilities in web applications / En studie av de tekniker OWASP ZAP använder för att analysera sårbarheter i webbapplikationer

Jakobsson, Adam, Häggström, Isak

January 2022

Today, new web applications are made every single day with increasingly more sensitive data to manage. To ensure that no security vulnerabilities such as data leakage in web applications exist, developers are using tools such as a web vulnerability scanner. This type of tool can detect vulnerabilities by automatically finding input fields where data can be injected and performing different attacks on these fields. One of the most common web vulnerability scanners is OWASP ZAP. Web vulnerability scanners were first developed during a time when traditional multi-page applications were prominent. Nowadays, when modern single-page applications have become the de facto standard, new challenges for web vulnerability scanners have arisen. These problems include identifying dynamically updated web pages. This thesis aims to evaluate the techniques used by OWASP ZAP and several other web vulnerability scanners for identifying two of the most common vulnerabilities, SQL injections and cross-site scripting. This issue is approached by testing the selected web vulnerability scanners on deliberately vulnerable web applications, to assess the performance and techniques used, and to determine if the performance of OWASP ZAP could be improved. If an identified technique in another web vulnerability scanner performed better than the counterpart in OWASP ZAP, it will be implemented in OWASP ZAP and evaluated. From the tests performed, it could be concluded that the performance of OWASP ZAP was lacking in the search for input fields, where a depth-first search algorithm was used. The breadth-first search algorithm used by other scanners was shown to be more effective in specific cases and was therefore implemented in OWASP ZAP. The result shows that the use case for the two algorithms differs between web applications and by using both of the algorithms to find vulnerabilities, better performance is achieved.

SQL injection

Cross-site scripting

Web vulnerability scanner

Web security

Computer Sciences

Datavetenskap (datalogi)

Portais de governo eletrônico em Municípios do Estado da Paraíba: análise sob a óptica da segurança da informação

Sena, Alnio Suamy de

02 August 2017

Submitted by Fernando Souza (fernando@biblioteca.ufpb.br) on 2017-10-04T11:56:00Z No. of bitstreams: 1 arquivototal.pdf: 3127385 bytes, checksum: 642b4f5b14587b1f9a6e45fb220f1cec (MD5) / Made available in DSpace on 2017-10-04T11:56:00Z (GMT). No. of bitstreams: 1 arquivototal.pdf: 3127385 bytes, checksum: 642b4f5b14587b1f9a6e45fb220f1cec (MD5) Previous issue date: 2017-08-02 / Electronic government can be characterized as the use of Information and Communication Technologies by public administration as support for internal government processes and the delivery of government products and services to citizens and industry in a fast and efficient way. It is essential that e-government prevents unauthorized access to ensure that Integrity, Availability and Confidentiality, basic principles of information security, are protected from electronic threats on the Internet. These threats place information assets at constant risk by taking advantage of the various vulnerabilities in the virtual environment where e-government is inserted. Thus, this research aimed to analyze the possible vulnerabilities in egovernment portals of the municipalities of Paraíba State. The 50 municipalities that represent the largest share of the Gross Domestic Product (GDP) of the state of Paraíba were considered as the research population. From these, it was possible to analyze the portals of 40. This research was characterized as a descriptive research, with a Quantitative approach. In order to collect data, we used Nestparker software, a vulnerability scanner whose function is to track and identify vulnerabilities in Web applications. As a result, 822 vulnerabilities were found, of which 15% are Critical and 15% High Criticality. In addition, 10% of the vulnerabilities were classified as Medium Criticality, which, in addition to other vulnerabilities with higher impacts, represents a scenario with more than 40% vulnerabilities found in the portals of the municipalities analyzed. Such vulnerabilities have the potential to allow malicious elements to negatively impact the continuity of the service. In addition to identifying the vulnerabilities of electronic security in e-government portals in the State of Paraíba, this research indicated how to correct the identified problems, which allows public managers to take actions that aim to minimize security breaches and the adoption of security strategies as well as the implementation of an information security policy. / O governo eletrônico pode ser caracterizado como a utilização das Tecnologias de Informação e Comunicação, pela administração pública, como apoio aos processos internos do governo e a entrega de produtos e serviços governamentais aos cidadãos e à indústria de forma célere e eficiente. É fundamental que o governo eletrônico se previna de acessos indevidos a fim de garantir que a Integridade, a Disponibilidade e a Confidencialidade, princípios basilares da segurança da informação, sejam protegidas de ameaças eletrônicas presentes na Internet. Essas ameaças colocam os ativos de informação em constante risco ao se aproveitarem das diversas vulnerabilidades existentes no ambiente virtual onde está inserido o governo eletrônico. Dessa forma, essa pesquisa analisa as possíveis vulnerabilidades existentes em portais de governo eletrônico em municípios do Estado da Paraíba. A população da pesquisa foram os 50 municípios que representam maior participação para a composição do Produto Interno Bruto (PIB) do Estado da Paraíba, sendo possível analisar os portais de 40 municípios. Esta pesquisa caracterizou-se como uma pesquisa descritiva, com abordagem quantitativa. Para a coleta dos dados utilizou-se o software Nestparker, um scanner de vulnerabilidades que tem como função rastrear e identificar vulnerabilidades em aplicações Web. Como resultado, foram encontradas 822 vulnerabilidades, das quais 15% são Críticas e 15% de Alta Criticidade. Além disso, 10% das vulnerabilidades foram classificadas como de Média Criticidade, o que, somada às outras vulnerabilidades de maiores impactos, representa um cenário com mais de 40% de vulnerabilidades encontradas nos portais dos municípios analisados. Tais vulnerabilidades tem o potencial de permitir que elementos mal-intencionados causem impactos negativos relevantes à continuidade do serviço. Essa pesquisa indicou, também, como corrigir os problemas identificados, o que pode permitir aos gestores públicos efetuarem ações que visem minimizar falhas de segurança e a adoção de estratégias de segurança, bem como a implantação de uma política de segurança da informação.

Governo Eletrônico

Gestão da segurança da informação

Scanner de vulnerabilidades

Electronic Government

Information security management

Vulnerability scanner

CIENCIAS HUMANAS::EDUCACAO

Evaluation of open source web vulnerability scanners and their techniques used to find SQL injection and cross-site scripting vulnerabilities / Evaluering av öppen källkod sårbarhetsskannrar för webbapplikationer och dess tekniker för att finna SQL injection och cross-site scripting sårbarheter

Matti, Erik

January 2021

Both for its simplicity and efficiency to search for the most critical security vulnerabilities that could exist within a web application, a web vulnerability scanner is a popular tool among any company that develops a web application. With the existence of many different scanners that are available to use, one is unlikely the same as the other and the results attained when evaluating these scanners in relation to each other are often not the same. In this thesis, three different open source web vulnerability scanners are evaluated and analysed based on their ability to find SQL injection and cross-site scripting vulnerabilities. The scanners were used on several open source deliberately broken web applications that acted as benchmarks. The benchmarks that caused much diversity in the results from the scanners were further investigated. When analysing the scanners based on the results, both the actual results were analysed on what caused the diversity but most of all the source code of the scanners were explored and investigated. It could be found that the techniques used by the scanners were essentially similar but contained several minor differences that caused the diversity in the results. Most differences were dependant on the variation of the predefined payloads injected by the scanners, but it could also be found that the approaches used to determine if a vulnerability was detected or not could vary as well. The finalised result concluded in a report that reveals and demonstrates the different approaches that any web vulnerability scanner could use and the limitations of them.

Open source

Web vulnerability scanner

SQL injection

XSS

cross-site scripting

OWASP ZAP

Web security

Web application

Computer Sciences

Datavetenskap (datalogi)