Title :
A free and extensible tool to detect vulnerabilities in Web systems
Author :
Rocha, Douglas ; Kreutz, Diego ; Turchetti, Rogério
Author_Institution :
Grupo de Pesquisa em Sist. de Informacao-GPSI, Univ. Fed. do Pampa-UNIPAMPA, Alegrete, Brazil
Abstract :
The increasing number of intrusions and data thefts on online systems is one of the triggers of the growing concern about security inside organizations. Nowadays, dynamic and extensible detection tools are required and critical to detect and diagnose vulnerabilities in Web systems. In this paper we present the development and evaluation of a vulnerability scanner for online systems. Unlike most existing tools, it is free and open source, available at SourceForge, and has a modular and extensible architecture. The achieved results show that the proposed tool, called Uniscan, is able to better detect and diagnose vulnerabilities such as LFI, RFI and RCE.
Keywords :
Internet; public domain software; security of data; software architecture; LFI; RCE; RFI; SourceForge; Uniscan tool; Web system vulnerability detection; Web system vulnerability diagnosis; data thefts; dynamic detection tools; extensible detection tools; free software; intrusions; modular-extensible architecture; online systems; open source tool; organizational security; vulnerability scanner development; vulnerability scanner evaluation; Crawlers; Engines; Internet; Linux; Security; Software; Stress; Web systems; flexible and extensible architecture; free and open source tools; security; vulnerability detection;
Conference_Titel :
Information Systems and Technologies (CISTI), 2012 7th Iberian Conference on
Conference_Location :
Madrid
Print_ISBN :
978-1-4673-2843-2
