Title :
A cost-effective approach to evaluating security vulnerability scanner
Author :
Yuan-Hsin Tung ; Shian-Shyong Tseng ; Jen-Feng Shih ; Hwai-Ling Shan
Author_Institution :
Telecommunication Lab., Chunghwa Telecom Co., Ltd., Taiwan, ROC
Abstract :
Web applications are exposed to various threats and attacks, and therefore numerous tools are developed for detecting web application vulnerabilities. Many studies have focused on evaluating vulnerability scanners. An efficient evaluation approach for detection tools is essential and can be extremely helpful to the users. In this paper, we propose a cost-effective approach to evaluating vulnerability scanners by considering redundant vulnerability alert problem. We define the redundant alert problem in scanner evaluation with our motivational example and propose the advanced confusion matrix by extending two defined attributes, true duplication (TD) and false duplication (FD). Then we apply our proposed cost-effective evaluation approach and build up the web Vulnerability Scanner Testbed.
Keywords :
Electronic publishing; Information services; Internet; Quality function deployment; advanced confusion matrix; cost-effective evaluation; security; vulnerability detection; web vulnerability;
Conference_Titel :
Network Operations and Management Symposium (APNOMS), 2013 15th Asia-Pacific
Conference_Location :
Hiroshima, Japan
