Presentation	2010-10-14 Evaluation of Automated Testing Tools for Web Application Vulnerability Detection Ryosuke NAKAI, Tatsuhito TSUCHIYA, Tohru KIKUNO,
PDF Download Page	PDF download Page Link
Abstract(in Japanese)	(See Japanese page)
Abstract(in English)	This paper reports an evaluation of some automatic testing tools for web applications. These testing tools are intended to detect safety vulnerabilities of web applications, such as SQL injection and cross-site scripting vulnerabilities. The evaluation is performed experimentally, on a case-study basis: We apply the tools to the testing of three web applications which are already known to have some vulnerabilities. We compare vulnerability detection ratio and false positive ratio between the three testing tools, revealing different characteristics of these tools.
Keyword(in Japanese)	(See Japanese page)
Keyword(in English)	Web application / Vulnerability / fuzzing
Paper #	DC2010-21
Date of Issue

Conference Information
Committee	DC
Conference Date	2010/10/7(1days)
Place (in Japanese)	(See Japanese page)
Place (in English)
Topics (in Japanese)	(See Japanese page)
Topics (in English)
Chair
Vice Chair
Secretary
Assistant

Paper Information
Registration To	Dependable Computing (DC)
Language	JPN
Title (in Japanese)	(See Japanese page)
Sub Title (in Japanese)	(See Japanese page)
Title (in English)	Evaluation of Automated Testing Tools for Web Application Vulnerability Detection
Sub Title (in English)
Keyword(1)	Web application
Keyword(2)	Vulnerability
Keyword(3)	fuzzing
1st Author's Name	Ryosuke NAKAI
1st Author's Affiliation	Graduate School of Information Science and Technology, Osaka University()
2nd Author's Name	Tatsuhito TSUCHIYA
2nd Author's Affiliation	Graduate School of Information Science and Technology, Osaka University
3rd Author's Name	Tohru KIKUNO
3rd Author's Affiliation	Graduate School of Information Science and Technology, Osaka University
Date	2010-10-14
Paper #	DC2010-21
Volume (vol)	vol.110
Number (no)	229
Page	pp.pp.-
#Pages	5
Date of Issue