Skip to main content
U.S. flag

An official website of the United States government

Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock ( ) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Web Application Scanners: Definitions and Functions

Published

Author(s)

Elizabeth N. Fong, Vadim Okun

Abstract

There are many commercial software security assurance tools that claim to detect and prevent vulnerabilities in application software. However, a closer look at the tools often leaves one wondering which tools find what flaws? This paper identifies a taxonomy of software security assurance tools and focuses on the definition of one type of tool: web application scanner - an automated program designed to examine web applications for security vulnerabilities. The types of functions that are generally found in a web application scanner are described.
Proceedings Title
Proceedings of Hawaii International Conference on System Sciences (HICSS) ? 40
Conference Location
HI
Conference Title
Hawaii International Conference on System Sciences (HICSS) ? 40

Keywords

Software assurance, software security, software security assurance tool, vulnerability, web application

Citation

Fong, E. and Okun, V. (2007), Web Application Scanners: Definitions and Functions, Proceedings of Hawaii International Conference on System Sciences (HICSS) ? 40, HI, [online], https://tsapps.nist.gov/publication/get_pdf.cfm?pub_id=50874 (Accessed April 14, 2021)
Created August 1, 2007, Updated February 17, 2017