Web Application Scanners: Definitions and Functions

Published

Author(s)

Elizabeth N. Fong, Vadim Okun

Abstract

There are many commercial software security assurance tools that claim to detect and prevent vulnerabilities in application software. However, a closer look at the tools often leaves one wondering which tools find which flaws. This paper identifies a taxonomy of software security assurance tools and focuses on the definition of one type of tool: the web application scanner, an automated program designed to examine web applications for security vulnerabilities. The types of functions that are generally found in a web application scanner are described.
Proceedings Title
Proceedings of Hawaii International Conference on System Sciences (HICSS-40)
Conference Location
HI, USA
Conference Title
Hawaii International Conference on System Sciences (HICSS-40)

Keywords

Software assurance, software security, software security assurance tool, vulnerability, web application

Citation

Fong, E. and Okun, V. (2007), Web Application Scanners: Definitions and Functions, Proceedings of Hawaii International Conference on System Sciences (HICSS-40), HI, USA, [online], https://tsapps.nist.gov/publication/get_pdf.cfm?pub_id=50874 (Accessed December 4, 2024)

Issues

If you have any questions about this publication or are having problems accessing it, please contact reflib@nist.gov.

Created July 31, 2007, Updated October 12, 2021