Performance Evaluation of Web Application Security Scanners for Prevention and Protection against Vulnerabilities

摘要

With the increasing development of the Internet, web applications have become increasingly vulnerable and exposed to malicious attacks which affect essential properties such as confidentiality, integrity or availability of information systems. To deal with these malicious threats, web application developers and IT security administrators have used the web application vulnerabilities scanners (WAVS) as scanning tools that regularly audit web applications to check for exploitable vulnerabilities. In today's market, a large number of web application scanning tools are available. Though these tools are available in market, the question is how efficient they are in addressing security concerns in web applications. The primary focus of this Article is to assess the effectiveness and performance of eleven scanners as far as vulnerability detection in web applications is concerned. This evaluation is multifunctional as it can be used to specify the degree of scanners 'efficiency, extract conclusions about their abilities to detect vulnerabilities, and prevent others by making recommendations of the use of WAVS by companies or organizations.