Fong, E.
and Okun, V.
(2007),
Web Application Scanners: Definitions and Functions, Proceedings of Hawaii International Conference on System Sciences (HICSS) ? 40, , HI, USA, [online], https://tsapps.nist.gov/publication/get_pdf.cfm?pub_id=50874
(Accessed October 17, 2025)
Official websites use .gov
A .gov website belongs to an official government organization in the United States.
Secure .gov websites use HTTPS
A lock (
) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.
Web Application Scanners: Definitions and Functions
Published
Author(s)
,
Abstract
There are many commercial software security assurance tools that claim to detect and prevent vulnerabilities in application software. However, a closer look at the tools often leaves one wondering which tools find what flaws? This paper identifies a taxonomy of software security assurance tools and focuses on the definition of one type of tool: web application scanner - an automated program designed to examine web applications for security vulnerabilities. The types of functions that are generally found in a web application scanner are described.Proceedings Title
Proceedings of Hawaii International Conference on System Sciences (HICSS) ? 40
Conference Location
, HI, USA
Conference Title
Hawaii International Conference on System Sciences (HICSS) ? 40
Pub Type
Conferences
Download Paper
Keywords
Software assurance, software security, software security assurance tool, vulnerability, web application
Citation
Issues
If you have any questions about this publication or are having problems accessing it, please contact [email protected].
Created July 31, 2007, Updated October 12, 2021