Title page for ETD etd-08102010-184408

Type of Document Master's Thesis
Author Shelly, David Andrew
Author's Email Address dashelly@vt.edu
URN etd-08102010-184408
Title Using a Web Server Test Bed to Analyze the Limitations of Web Application Vulnerability Scanners
Degree Master of Science
Department Electrical and Computer Engineering
Advisory Committee
Advisor Name Title
Tront, Joseph G. Committee Chair
Marchany, Randolph C. Committee Member
Midkiff, Scott F. Committee Member
  • Vulnerability Detection
  • Web Application Scanners
  • Web Application Security
  • Black Box Testing
Date of Defense 2010-07-29
Availability unrestricted
The threat of cyber attacks due to improper security is a real and evolving danger. Corporate and personal data is breached and lost because of web application vulnerabilities thousands of times every year. The large number of cyber attacks can partially be attributed to the fact that web application vulnerability scanners are not used by web site administrators to scan for flaws. Web application vulnerability scanners are tools that can be used by network administrators and security experts to help prevent and detect vulnerabilities such as SQL injection, buffer overflows, cross-site scripting, malicious file execution, and session hijacking.

However, these tools have been found to have flaws and limitations as well. Research has shown that web application vulnerability scanners are not capable of always detecting vulnerabilities and attack vectors, and do not give effective measurements of web application security. This research presents a method to analyze the flaws and limitations of several of the most popular commercial and free/open-source web application scanners by using a secure and insecure version of a custom-built web application. Using this described method, key improvements that should be made to web application scanner techniques to reduce the number of false-positive and false-negative results are proposed.

  Filename       Size       Approximate Download Time (Hours:Minutes:Seconds) 
 28.8 Modem   56K Modem   ISDN (64 Kb)   ISDN (128 Kb)   Higher-speed Access 
  Shelly_DA_T_2010.pdf 881.87 Kb 00:04:04 00:02:05 00:01:50 00:00:55 00:00:04

Browse All Available ETDs by ( Author | Department )

dla home
etds imagebase journals news ereserve special collections
virgnia tech home contact dla university libraries

If you have questions or technical problems, please Contact DLA.