
A Survey of Automated Tools for Probing Vulnerable Web Applications

The development of web applications has increased exceedingly in the last few years. Without attention to security during development, these web applications are exposed to a great number of cyber threats. This thesis provides a survey of automated tools, so-called black box web scanners, that are used to find vulnerabilities in a web application without any internal knowledge of it. The web scanners were evaluated by running them on a vulnerable web application called XVWA and comparing the scanning results against two criteria. The first criterion is whether the scanner is as accurate as stated, and the second is whether it passes the NIST requirements for a web scanner of this type. All of the web scanners included in this thesis are open source/free to use. The results for eight different web scanners show that most of the scanners do not follow the NIST requirements fully; however, the majority still perform well. It has also been seen that the newer and most actively developed scanners perform the best, which is logical. One of the conclusions drawn is that no scanner works perfectly or is above all the other scanners.

Identifier: oai:union.ndltd.org:UPSALLA1/oai:DiVA.org:liu-134279
Date: January 2017
Creators: Barsomo, Milad
Publisher: Linköpings universitet, Institutionen för datavetenskap
Source Sets: DiVA Archive at Upsalla University
Language: English
Detected Language: English
Type: Student thesis, info:eu-repo/semantics/bachelorThesis, text
Format: application/pdf
Rights: info:eu-repo/semantics/openAccess
