Abstract
Nowadays, software products are developed with security vulnerabilities due to bad coding. Vulnerability scanner tools automatically detect security vulnerabilities in web applications; thus, trustworthiness on the results of these tools is essential and, sometimes, the evaluation of their results is done manually or even empirically. This work presents a semi automated approach, based on fault injection techniques, to assess the efficacy of these tools. Three scanner tools were assessed with the presence of realistic software faults responsible for security vulnerabilities in web applications. Results show that the approach is effective and has the advantage of predicting security vulnerabilities through the fault injection techniques.
Sign-in/Register to access full text options 
Free) 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a call
