The evaluation is conducted based on a list of vulnerabilities extracted from OWASP and NIST. The evaluation is based on different measures such as the vulnerabilities' severity level, the types of detected vulnerabilities, the number of false-positive vulnerabilities and the accuracy of each scanner. The method of black-box testing was adopted to evaluate the five WAVSs against seven vulnerable web applications. The selected scanners are among the top ten recommended web vulnerability scanning software for 2017. This paper evaluates the effectiveness and accuracy of five WAVSs (Acunetix WVS, Burp Suite, NetSparker, Nessus and OWASP ZAP) in identifying possible vulnerabilities of web applications. WAVS are used during the deployment phase to continuously evaluate the security of web applications by checking for possible vulnerabilities that can threaten the client services. Web Application Vulnerability Scanners (WAVS) help developers identify existing vulnerabilities that could compromise the security and privacy of data exchanged between the client and web server during the development and deployment phases. Security is among the important attributes during the penetration testing phase. The Secure Development Life Cycle (SDLC) of web applications aims to enhance the quality attributes of released applications.

If a system is compromised, organizations need to improve their ability to minimize the damage. This paper approaches the difficult problem of mitigating the security risk vulnerabilities with which most organizations are confronted today. The purpose of this paper is to inform organizations of this rapidly growing problem and provide best-practice defense tactics. In order to minimize the opportunity for sensitive information to "leak out" of an organization, it is crucial to increase user awareness regarding information security issues.
Risk factors are calculated for each discovered vulnerability in order to prioritize remediation activities accordingly. This paper discussed the remediation plans for mitigation of common vulnerabilities encountered in an organization's computing environment. These risks are quantified according to their likelihood of occurrence and the potential damage if they occur. This paper investigated the security risks that could adversely affect an organization's critical operations and assets.