Riepponen, 2024 - Google Patents
Selection of open-source web vulnerability scanner as testing tool in continuous software development
Riepponen, 2024
- Document ID
- 5008209932987054484
- Author
- Riepponen M
- Publication year
Snippet
Security is a critical part of web applications and vulnerabilities should be prevented or identified and fixed as early in the development process as possible. The purpose of this study is to determine how well open-source web vulnerability scanners suit for testing …
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/57—Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
- G06F21/577—Assessing vulnerabilities and evaluating computer system security
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/56—Computer malware detection or handling, e.g. anti-virus arrangements
- G06F21/562—Static detection
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
- H04L63/1458—Denial of Service
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1433—Vulnerability analysis
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/52—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/554—Detecting local intrusion or implementing counter-measures involving event detection and direct action
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
- H04L63/145—Countermeasures against malicious traffic the attack involving the propagation of malware through the network, e.g. viruses, trojans or worms
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
- H04L63/0209—Architectural arrangements, e.g. perimeter networks or demilitarized zones
- H04L63/0218—Distributed architectures, e.g. distributed firewalls
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/51—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems at application loading time, e.g. accepting, rejecting, starting or inhibiting executable software based on integrity or source reliability
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for programme control, e.g. control unit
- G06F9/06—Arrangements for programme control, e.g. control unit using stored programme, i.e. using internal store of processing equipment to receive and retain programme
- G06F9/46—Multiprogramming arrangements
Similar Documents
| Publication | Title | Publication Date |
|---|---|---|
| Rautenstrauch et al. | The leaky web: Automated discovery of cross-site information leaks in browsers and the web | |
| Khodayari et al. | The great request robbery: An empirical study of client-side request hijacking vulnerabilities on the web | |
| Bergadano et al. | A modular framework for mobile security analysis | |
| Chunlei et al. | Automatic fuzz testing of web service vulnerability | |
| Pieczul et al. | Runtime detection of zero-day vulnerability exploits in contemporary software systems | |
| Pantelaios et al. | FV8: A Forced Execution JavaScript Engine for Detecting Evasive Techniques | |
| Fredj | Spheres: an efficient server-side web application protection system | |
| Riepponen | Selection of open-source web vulnerability scanner as testing tool in continuous software development | |
| EP4421667A1 (en) | Injection attack sensor with syntax attack detection template | |
| Veres | An Exploration of Current Techniques in OWASP Vulnerability Detection and Improvement Opportunities | |
| Hellström et al. | A Lightweight Secure Development Process for Developers | |
| Häyrynen | Evaluation of state-of-the-art web application vulnerability scanners | |
| Koman et al. | SCAnME-scanner comparative analysis and metrics for evaluation: J. Koman, M. Janiszewski | |
| Chorell et al. | A Comparative Analysis of Open Source Dynamic Application Security Testing Tools | |
| Alazmi | Enhancing the Performance of Web Application Security Testing: An In-Depth Analysis and Optimization of Web Vulnerability Scanners | |
| Bugingo et al. | The Role of Advanced Penetration Testing Techniques in Enhancing Cybersecurity: A Survey on Web Application Security | |
| Caseirito | Attacking web applications for dynamic discovering of vulnerabilities | |
| Kostetska | REST API Security Testing within the IEC 62443-4-1 Standard | |
| Antunes et al. | Security testing in SOAs: Techniques and tools | |
| Norberg | Secure Application Life Cycle Management | |
| Eriksson | Securing the Next Generation Web | |
| Pieczul et al. | The dark side of the code | |
| Hussain | Evaluation of Open-Source Vulnerability Scanners for Web Applications and WordPress Websites | |
| Savova et al. | Automated Web Application Scanning with Wapiti, Selenium, and SQLMap | |
| Alves | MockingPot: Generate and Integrate Honeypots Into Existing Web Applications |