A free and extensible tool to detect vulnerabilities in Web systems

Author

Rocha, Douglas ; Kreutz, Diego ; Turchetti, Rogério

Author_Institution

Grupo de Pesquisa em Sist. de Informacao-GPSI, Univ. Fed. do Pampa-UNIPAMPA, Alegrete, Brazil

fYear

2012

fDate

20-23 June 2012

Firstpage

1

Lastpage

6

Abstract

The increasing number of intrusions and data thefts on online systems is one of the triggers of the growing concern about security inside organizations. Nowadays, dynamic and extensible detection tools are required and critical to detect and diagnose vulnerabilities in Web systems. In this paper we present the development and evaluation of a vulnerability scanner for online systems. Unlike most existing tools, it is free and open source, available at SourceForge, and has a modular and extensible architecture. The achieved results show that the proposed tool, called Uniscan, is able to better detect and diagnose vulnerabilities such as LFI, RFI and RCE.

Keywords

Internet; public domain software; security of data; software architecture; LFI; RCE; RFI; SourceForge; Uniscan tool; Web system vulnerability detection; Web system vulnerability diagnosis; data thefts; dynamic detection tools; extensible detection tools; free software; intrusions; modular-extensible architecture; online systems; open source tool; organizational security; vulnerability scanner development; vulnerability scanner evaluation; Crawlers; Engines; Internet; Linux; Security; Software; Stress; Web systems; flexible and extensible architecture; free and open source tools; security; vulnerability detection;

fLanguage

English

Publisher

ieee

Conference_Titel

Information Systems and Technologies (CISTI), 2012 7th Iberian Conference on

Conference_Location

Madrid

ISSN

2166-0727

Print_ISBN

978-1-4673-2843-2

Type

conf

Filename

6263139