Web Vulnerability Finder (WVF): Automated Black- Box Web Vulnerability Scanner

Khalid, Muhammad Noman; Iqbal, Muhammad; Rasheed, Kamran; Abid, Malik Muneeb

doi:10.5815/ijitcs.2020.04.05

Cited by 9 publications

(3 citation statements)

References 19 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Finally, the work in [22] is another high-level scanner focused on web vulnerabilities. It performs URL crawling and attacks the resulting URLs, to detect XSS, SQL injection, between other vulnerabilities.…”

Section: Related Workmentioning

confidence: 99%

Intelligent System for Automation of Security Audits (SIAAS)

Seara,

Serrão

2023

ICST Transactions on Scalable Information Systems

View full text Add to dashboard Cite

Events related to cybersecurity failures have a high and growing financial, operational, and reputational impact, on organizations around the world. At the same time, there is a shortage of cybersecurity professionals. In addition, the specialization of professionals with the necessary skills in the area of cybersecurity is expensive and time-consuming. Taking these facts into consideration, this research has focused on the automation of cybersecurity processes, specifically those related to continuous vulnerability detection. To address this problem, a cybersecurity vulnerability scanner that is free to the community and requires no pre-expertise on the part of the operator, was developed. The artifact was tested by companies in the IT business, by systems engineers, most without cybersecurity background. The results demonstrated that the artifact was easy to install and that the reported results can be used by the operator in the context of an automatic and proactive securitization of the systems involved.

show abstract

Section: Related Workmentioning

confidence: 99%

Intelligent System for Automation of Security Audits (SIAAS)

Seara,

Serrão

2023

ICST Transactions on Scalable Information Systems

View full text Add to dashboard Cite

show abstract

“…In the third experiment, we used different scanning tools to test the samples collected by the crawler program in the second experiment and compared the differences between our proposed method and classic open-source tools and other detection schemes. In the experiment, we used the 4 tools of Wapiti, w3af, XSSer, and XSStrike and the three detection schemes of XSS-Unit testing [29], TT-XSS [30], and WVF [37] proposed by other researchers in recent years and GAXSS test results for comparison.…”

Section: Scanner Comparisonmentioning

confidence: 99%

GAXSS: Effective Payload Generation Method to Detect XSS Vulnerabilities Based on Genetic Algorithm

Liu

Fang

Huang

et al. 2022

Security and Communication Networks

View full text Add to dashboard Cite

In the fields of social networking, media, and management, web applications on the Internet play a very indispensable role. A large amount of personal privacy information and login tokens make web applications often targeted by hackers. Cross-site scripting attacks are the most common method used to steal data from web applications. To solve the security risks caused by cross-site scripting vulnerabilities, security personnel need to actively discover these vulnerabilities to better defend against the harm. We proposed a novel genetic algorithm-based fuzzing scheme to address this problem. First, a small number of initial attack vectors are generated according to the interactive environment of the web application and then the attack vectors are sequenced into genes. Combined with the grammatical structure features of cross-site scripting and common bypass methods, the gene sequences are iteratively optimized and improved. Finally, the generated high-quality vectors are used to detect potential cross-site scripting threats in the application (we named the implementation of this approach GAXSS). The method we proposed can automatically detect the vulnerability of page interaction points and can obtain better detection results without a large number of test dictionaries, and the time cost is also reasonable. We have conducted vulnerability tests on many common open-source web applications, with a precision rate of 1.0 and an accuracy rate over 0.98. In addition, we also compared GAXSS with other well-known scanners and state-of-the-art detection methods. Its comprehensive performance is better, and it can effectively detect vulnerabilities.

show abstract

“…In [17], M. Amjad et al to investigate and find out the parameters that affects the web performance and it has been tested on ecommerce applications of Bangladesh, where eleven parameters are considered and these are fully loaded (requests), first CPU idle, speed index, start render, load time, fully loaded (time), document complete (time), last painted hero, first contentful paint, and first byte. In [18], M. N. In [19] the author point out the difficulties of security implementation of web applications and presents a framework for developing secure web applications. Also the priority and importance of use case in UML are pointed out.…”

Section: Introductionmentioning

confidence: 99%

Design and Implementation of Web-based Smart Class Routine Management System for Educational Institutes

Roy¹,

Kabir²,

Ahmed³

2022

IJEME

View full text Add to dashboard Cite

Smart Class Routine Management System (SCRMS) is a web application that able to generate an error-free and effective class schedule automatically. At present, most of the academic institutes like schools, colleges, and universities follow the traditional manual process to create class routines. Thus, there is a high probability of making errors in overlapping timetable period or slot and definitely a valuable amount of time is wasted as there are many things to be considered. SCRMS comes with the intension to provide better and dynamic timetable management service and to reduce the workload of the routine management team. It will assist in the automatic management of all periods. The user or the routine management team simply needs to create a schedule for a batch, and the system will automatically configure all connected timetables (Teachers, Class Rooms, and Labs). SCRMS also contains an embedded database which stores the records of every batch, classroom, lab and teacher with their respective tables. In this system, class distribution will be more reliable and accurate. This web application is secured and really easy to use. In this application, the teacher's routine will be generated automatically and the student's class routine will be provided by an admin. In this paper, the SCRMS is designed and developed as a web application by PHP language with MySQL database. The programming languages and tools used to develop this system are PHP, Laravel, Bootstrap, MySQL, JavaScript, HTML, CSS, Ajax, and JQuery which are very efficient in making such dynamic web-based system. Since, the developed system is flexible, scalable, and modular, does not just meet the needs of a specific department/ institute but can be adapted and used by any other departments/ organizations.

show abstract

Web Vulnerability Finder (WVF): Automated Black- Box Web Vulnerability Scanner

Cited by 9 publications

References 19 publications

Intelligent System for Automation of Security Audits (SIAAS)

Intelligent System for Automation of Security Audits (SIAAS)

GAXSS: Effective Payload Generation Method to Detect XSS Vulnerabilities Based on Genetic Algorithm

Design and Implementation of Web-based Smart Class Routine Management System for Educational Institutes

Contact Info

Product

Resources

About