Abstract

Nowadays, software products are developed with security vulnerabilities caused by bad coding. Vulnerability scanner tools automatically detect security vulnerabilities in web applications, so the trustworthiness of their results is essential; yet the evaluation of those results is sometimes done manually or even empirically. This work presents a semi-automated approach, based on fault injection techniques, to assess the efficacy of these tools. Three scanner tools were assessed in the presence of realistic software faults responsible for security vulnerabilities in web applications. Results show that the approach is effective and has the advantage of predicting security vulnerabilities through the fault injection techniques.
