PROJECT TITLE:
Assessing and Comparing Vulnerability Detection Tools for Web Services: Benchmarking Approach and Examples
Selecting a vulnerability detection tool is a key problem that is frequently faced by developers of security-critical web services. Research and practice show that state-of-the-art tools present low effectiveness both in terms of vulnerability coverage and false positive rates. The main problem is that such tools are typically limited in the detection approaches implemented, and are designed to be applied in very concrete situations. Therefore, using the wrong tool might result in the deployment of services with undetected vulnerabilities. This paper proposes a benchmarking approach to assess and compare the effectiveness of vulnerability detection tools in web services environments. This approach was used to define two concrete benchmarks for SQL Injection vulnerability detection tools. The first is based on a predefined set of web services, and the second permits the benchmark user to specify the workload that best portrays the particular characteristics of his environment. The two benchmarks are used to assess and compare many widely used tools, including four penetration testers, three static code analyzers, and one anomaly detector. Results show that the benchmarks accurately portray the effectiveness of vulnerability detection tools (in a relative manner) and suggest that the proposed benchmarking approach can be applied in the field.