Enemy of the State: A State-Aware Black-Box Web Vulnerability Scanner

@inproceedings{Doup2012EnemyOT,
  title={Enemy of the State: A State-Aware Black-Box Web Vulnerability Scanner},
  author={Adam Doup{\'e} and Ludovico Cavedon and Christopher Kr{\"u}gel and Giovanni Vigna},
  booktitle={USENIX Security Symposium},
  year={2012}
}
Black-box web vulnerability scanners are a popular choice for finding security vulnerabilities in web applications in an automated fashion. These tools operate in a point-and-shoot manner, testing any web application—regardless of the server-side language—for common security vulnerabilities. Unfortunately, black-box tools suffer from a number of limitations, particularly when interacting with complex applications that have multiple actions that can change the application’s state. If a…

Citations

Semantic Scholar estimates that this publication has 170 citations based on the available data.


References

Publications referenced by this paper.

Static analysis for detecting taint-style vulnerabilities in web applications

  • N. JOVANOVIC, C. KRUEGEL, E. KIRDA
  • Journal of Computer Security 18,
  • 2010

: Securing Database from Logic Flaws in Web Applications

  • W. Y AN, Y. SENTINEL AND X UE
  • Proceedings of the 15th international conference…
  • 2012

Analyzing the Accuracy and Time Costs of Web Application Security Scanners

  • L. SUTO
  • 2010
