Using WASSEC to Evaluate Commercial Web Application Security Scanners
Fakhreldeen Abbas Saeed
Dr. Fakhreldeen Abbas Saeed, Department of Computer Science, College of Computer Science and Information Technology, Alneelain University, Khartoum, Sudan.
Manuscript received on March 03, 2014. | Revised Manuscript received on March 05, 2014. | Manuscript published on March 05, 2014. | PP: 177-181 | Volume-4 Issue-1, March 2014. | Retrieval Number: A2115034114
© The Authors. Published By: Blue Eyes Intelligence Engineering and Sciences Publication (BEIESP). This is an open access article under the CC BY-NC-ND license (http://creativecommons.org/licenses/by-nc-nd/4.0/)
Abstract: Web application security has become a very significant area of scholarship. The best way to deal with it is to use a web application security scanner to discover the architectural weaknesses and vulnerabilities in the web application. The goal of this paper is to use the Web Application Security Scanner Evaluation Criteria (WASSEC) to compare and contrast the commercial web application security scanners and show the differences between them. We used six factors to do this comparison (Protocol Support, Authentication, Session Management, Crawling, Parsing and Testing). The study shows that Acunetix WVS, Ammonite and Burp Suite Professional are the most suitable ones because they have averages of 0.831325, 0.771084 and 0.73494 respectively. As the result of this study, and depending on the information we collected about the commercial web application security scanners, Acunetix WVS, Burp Suite Professional and Ammonite are the best respectively. So the web developer or administrator can use them together or choose one.
Keywords: Web Application Security Scanner, WASSEC, Evaluation.