SOLUTIONS FOR AUTO-TESTING AND AUTO-WARNING WEBSITE ERRORS BASED ON THE RESULTS OF THE WEBSITE ERROR SCANNING TOOLS

  • Phạm Duy Lộc
  • Phan Thị Thanh Nga

Abstract

Nowadays, there are commercial and free tools to automatically test websites’ security which is considered to be the positive point for pen-tester. In contrast, these tools might also produce false alerts. To minimize these false alerts, it is necessary to develop a tool which helps pen-tester verify alerts manually or automatically with cross-checking results collected from many pen-test tools. We name this tool PAT (Pen-Test Assistance Tool). PAT is able to save experiences from previous successful checking for future check. PAT also can check vulnerabilities automatically based on report of pen-test tools and warn website errors to web-masters automatically via email. In the first version of PAT, we focus on SQL Injection vulnerabilities in ASP.NET websites.  
điểm /   đánh giá
Published
2016-12-26
Section
Natural Sciences and Tecnology