Assessing and Comparing Vulnerability Detection Tools for Web Services: Benchmarking Approach and Examples


Selecting a vulnerability detection tool is a key problem that is frequently faced by developers of security-important net services. Research and apply shows that state-of-the-art tools gift low effectiveness both in terms of vulnerability coverage and false positive rates. The most problem is that such tools are typically restricted within the detection approaches implemented, and are designed for being applied in very concrete situations. Therefore, using the wrong tool might result in the deployment of services with undetected vulnerabilities. This paper proposes a benchmarking approach to assess and compare the effectiveness of vulnerability detection tools in internet services environments. This approach was used to define two concrete benchmarks for SQL Injection vulnerability detection tools. The primary is based on a predefined set of internet services, and the second permits the benchmark user to specify the workload that best portrays the particular characteristics of his environment. The 2 benchmarks are used to assess and compare many widely used tools, together with four penetration testers, 3 static code analyzers, and one anomaly detector. Results show that the benchmarks accurately portray the effectiveness of vulnerability detection tools (in a very relative manner) and counsel that the proposed benchmarking approach will be applied in the field.

Did you like this research project?

To get this research project Guidelines, Training and Code... Click Here

PROJECT TITLE : A Natural Language Processing Framework for Assessing Hospital Readmissions for Patients with COPD - 2017 ABSTRACT: With the passage of recent federal legislation several medical institutions are now accountable
PROJECT TITLE :Assessing the Federal Trade Commission's Privacy AssessmentsABSTRACT:Regulators worldwide want to stay tabs on firms caught violating client protection rules. Assessments by outside accounting companies are a key
PROJECT TITLE :Assessing the Applicability of Uncertainty Importance Measures for Power System StudiesABSTRACT:This paper critically evaluates a range of uncertainty importance measures to be used in power system stability studies.
PROJECT TITLE :Assessing Electromagnetic Radiation in our EnvironmentABSTRACT:A variety of wireless networks have surrounded us for the availability of ubiquitous communication services. While the earliest communication infrastructure
PROJECT TITLE :Assessing the Effectiveness of Moving Target Defenses Using Security ModelsABSTRACT:Cyber crime could be a developing concern, where criminals are targeting valuable assets and critical infrastructures among networked

Ready to Complete Your Academic MTech Project Work In Affordable Price ?

Project Enquiry