Benchmarking Vulnerability Detection Tools for Web Services

Antunes, Nuno; Vieira, Marco

doi:10.1109/icws.2010.76

Cited by 61 publications

(39 citation statements)

References 7 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…In the first case study the "Benchmark for SQL Injection Vulnerability Detection Tools" [18] was used to evaluate and compare the considered vulnerability detection techniques. The goal was to understand how different is the effectiveness of these techniques in web services environment.…”

Section: A Case #1: Benchmark For Vulnerability Detection Toolsmentioning

confidence: 99%

SOA-Scanner: An Integrated Tool to Detect Vulnerabilities in Service-Based Infrastructures

Antunes

Vieira

2013

2013 IEEE International Conference on Services Computing

Self Cite

View full text Add to dashboard Cite

Service Oriented Architectures are nowadays used in a wide range of organizations to support critical daily operations. Although the underlying services should behave in a secure manner, they are often deployed with bugs that can be maliciously exploited. The characteristics of service-based environments open the door to security challenges that must be handled properly, including services under the control of multiple providers and dynamism of interactions and compositions. This paper presents an extensible tool able to widely test such infrastructures for vulnerabilities. The tool is based in an iterative process that uses interface monitoring to automatically monitor and discover the existing services, resources and interactions, and applies different testing approaches depending on the level of access to each existing services. Two case studies has been developed do demonstrate the tool, and results show that the tool can effectively be used in different service-based scenarios, under different access conditions to the target services.

show abstract

Section: A Case #1: Benchmark For Vulnerability Detection Toolsmentioning

confidence: 99%

SOA-Scanner: An Integrated Tool to Detect Vulnerabilities in Service-Based Infrastructures

Antunes

Vieira

2013

2013 IEEE International Conference on Services Computing

Self Cite

View full text Add to dashboard Cite

show abstract

“…There are a few studies that have attempted to analyze the effectiveness of different countermeasures against WA attacks in laboratory environments [4][5][6]. Unfortunately, the difficulties of performing experiments on the topic in a representative manner have brought various constraints that delimit the value of their results for a decision maker in the industry.…”

Section: Introductionmentioning

confidence: 99%

Effort Estimates on Web Application Vulnerability Discovery

Holm

Ekstedt

Sommestad

2013

2013 46th Hawaii International Conference on System Sciences

View full text Add to dashboard Cite

Web application vulnerabilities are widely considered a serious concern. However, there are as of yet scarce data comparing the effectiveness of different security countermeasures or detailing the magnitude of the security issues associated with web applications. This paper studies the effort that is required by a professional penetration tester to find an input validation vulnerability in an enterprise web application that has been developed in the presence or absence of four security measures: (i) developer web application security training, (ii) type-safe API's, (iii) black box testing tools, or (iv) static code analyzers. The judgments of 21 experts are collected and combined using Cooke's classical method. The results show that 53 hours is enough to find a vulnerability with a certainty of 95% even though all measures have been employed during development. If no measure is employed 7 hours is enough to find a vulnerability with 95% certainty.

show abstract

“…In (Antunes and Vieira 2010) it was proposed a methodology to benchmark web services security scanner tools (in previous research works the same authors found out that the most used vulnerability scanners have different vulnerability coverage, meaning that they uncover different sets of vulnerabilities (M. Vieira, Antunes, and Madeira 2009)). They proposed a method to analyze the flaws and limitations of web application scanners by using one secure version and one insecure version of a custom-built web application.…”

Section: Security Benchmarking Initiativesmentioning

confidence: 99%

Security Benchmarks for Web Serving Systems

Mendes

Madeira

Duraes

2014

2014 IEEE 25th International Symposium on Software Reliability Engineering

View full text Add to dashboard Cite

The assessment of the security level of computer systems in a standardized and regular manner (security benchmarking) has become a very relevant subject, especially for those who use computer systems to support critical business missions or to store confidential information. The concern about computer-based system security is totally justified: systems have become increasingly complex, interconnected, and pervasive, and their security have been threatened by many types of attacks. These attacks are unavoidable, as the root causes for them are tied up to human aspects that cannot be removed (intention to cause harm, intention to steal information, etc.), and the losses attacks can cause to their targets (when successful) can be very significant. This scenario of attack inevitability has led companies and governments to invest massively in the development of regulations and mechanisms aimed at the improvement of the security of computer systems (e.g., training developer teams, rapidly solving discovered vulnerabilities, using tools to detect and prevent attacks). Despite these efforts, successful attacks continue to happen, showing that computer systems remain insecure. This is why end-users, system administrators, and systems integrators (to mention just a few classes of users) consider security as an important decision factor when choosing which system to buy and use. These individuals are looking for the means to assess and compare the security of functionally-similar systems/components that will enable them to make a decision taking into account the assessment of security risk.This thesis presents a novel, reproducible, risk-based methodology to benchmark the security of software-based systems. This is a generic methodology that can be instantiated to any class of software-based system. Our benchmark methodology uses the notion of risk in a quantifiable way to measure the security of systems, with a single security metric (SBench) to simplify the comparison of different systems (or different configurations of the same system), enabling users and system integrators to identify and select the most secure one, allowing as well the breakdown of this single metric for more detailed analysis. Our methodology follows the approach of benchmarks proposed in the field of performance and dependability, containing elements such as metrics, workload, and experimental setup, and defining a comprehensive set of procedures and rules to ensure the compliance with key properties such as repeatability.Our security benchmark methodology cover the two complementary views of a 8 given system concerning security: the first takes into account concrete vulnerabilities effectively existing for that system (measures what is already known), and the second estimates the effects of possible yet-to-discover vulnerabilities (and, in fact, many attacks are based on previously unknown vulnerabilities). In fact, these views correspond to the two parts of our benchmark methodology: the static and the dynamic. The static part corresponds ...

show abstract

Benchmarking Vulnerability Detection Tools for Web Services

Cited by 61 publications

References 7 publications

SOA-Scanner: An Integrated Tool to Detect Vulnerabilities in Service-Based Infrastructures

SOA-Scanner: An Integrated Tool to Detect Vulnerabilities in Service-Based Infrastructures

Effort Estimates on Web Application Vulnerability Discovery

Security Benchmarks for Web Serving Systems

Contact Info

Product

Resources

About