An Analysis of Web Application Vulnerability Scanners
By Tara Lingle and Orcun Tagtekin
CAP6135 – Malware and Software Vulnerability Analysis

Background
• Web Application Vulnerability Scanning searches for software vulnerabilities within web applications:
  • Web Application Security (Scripting issues)
  • Technical Vulnerabilities (Cross-site Scripting)
  • Security Vulnerabilities (Denial of Service)
  • Architectural/Logical Vulnerabilities (Information Leakage)
• Can be used to help identify potential security vulnerabilities within commercial and proprietary web applications.
• Frequently used in both the pre-deployment and post-deployment test cycles.
Goal
• The goal of this project is to explore both the commercial and open source web application vulnerability scanners that currently exist and determine which one(s) we would recommend to an organization.
  • Evaluate leading commercial products, including features, strengths and weaknesses
  • Compare our findings with other research
  • Review a number of open source tools available
  • Decide how the commercial products compare against the open source tools

What would an organization look for in such a product?

Requirements Statement (Wish List)
• Limited number of false positives and false negatives
• Ability to customize configuration options for internal needs
• Covers all major platforms (Java, JavaScript, PHP, ASP, ASP.NET), including dynamic content
• Ease of use for non-security professionals
• Powerful, automated scanning engine that can handle complexities by default (i.e. minimal manual intervention)

Requirements Statement (Wish List), cont.
• Vendor support
• Tests both application vulnerabilities and known web server vulnerabilities
• Usable reports and data
• Maintenance/upgrade costs
• Expandability for future needs of the organization
• Can obtain periodic updates as new vulnerabilities are introduced
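Added example, not part of the presentation: a small Python harness for the first wish-list item, scoring each scanner's findings against a list of vulnerabilities deliberately planted in a test application and ranking scanners by recall, then precision. Scanner names, URLs and findings are all constructed for illustration.

```python
# Scoring scanner output against a planted-vulnerability list (constructed data).
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    """One reported issue, keyed so that set arithmetic gives TP/FP/FN directly."""
    url: str
    parameter: str
    vuln_class: str  # e.g. "xss", "sqli", "info_leak"


# Constructed ground truth: bugs planted in the test application.
GROUND_TRUTH = {
    Finding("/search", "q", "xss"),
    Finding("/login", "user", "sqli"),
    Finding("/admin/backup", "-", "info_leak"),
}

# Constructed output from two hypothetical scanners.
SCANNER_OUTPUT = {
    "scanner_a": {
        Finding("/search", "q", "xss"),
        Finding("/login", "user", "sqli"),
        Finding("/about", "page", "xss"),  # false positive
    },
    "scanner_b": {
        Finding("/search", "q", "xss"),
        Finding("/login", "user", "sqli"),
        Finding("/admin/backup", "-", "info_leak"),
        Finding("/login", "user", "xss"),  # false positive (wrong class)
    },
}


def score(findings, truth):
    """Return (tp, fp, fn, precision, recall) for one scanner's findings."""
    tp = len(findings & truth)
    fp = len(findings - truth)
    fn = len(truth - findings)
    precision = tp / (tp + fp) if tp + fp else 0.0
    recall = tp / (tp + fn) if tp + fn else 0.0
    return tp, fp, fn, precision, recall


def rank_scanners(outputs, truth):
    """Rank by recall, then precision: a missed bug costs more than a noisy report."""
    table = {name: score(f, truth) for name, f in outputs.items()}
    return sorted(table.items(), key=lambda kv: (kv[1][4], kv[1][3]), reverse=True)
```

Running `rank_scanners(SCANNER_OUTPUT, GROUND_TRUTH)` places scanner_b first (3 TP, 1 FP, 0 FN) ahead of scanner_a (2 TP, 1 FP, 1 FN).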
Top Rated Commercial Products
• Acunetix Web Vulnerability Scanner by Acunetix
• AppScan by IBM/Watchfire, Inc.
• WebInspect by HP/SPI-Dynamics
• Hailstorm by Cenzic

Product Comparison

Product Comparison, cont.

What about open source tools that exist for the same purpose?

Commercial Products vs. Open Source Tools
• What are the trade-offs of using an open source tool over a commercial product?
• Do any of them meet the requirements statement outlined?

Free/Open Source Tools
• Nikto by Sullo
• Paros by Chinotec
• WebScarab by Rogan Dawes
• Grabber by Romain Gaucher
• Grendel-Scan by David Byrne and Eric Duprey
• Pantera by Simon Roses Femerling
• Powerfuzzer by Marcin Kozlowski
• Scuba by Imperva
• Wapiti by Nicolas Surribas

So which product comes out on top and best meets the requirements statement?
TBD