Web application security scanner

A web application security scanner is a program that communicates with a web application through the web front-end in order to identify potential security vulnerabilities in the web application and architectural weaknesses.[1] It performs a black-box test. Unlike source code scanners, web application scanners do not have access to the source code and therefore detect vulnerabilities by actually performing attacks against the running application and observing its responses.
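As an added illustration of the black-box approach described above (this is example code written for this page, not part of the original article or any real scanner): a minimal probe sends a harmless marker through the front end and classifies the response by whether the input comes back unescaped, escaped, or not at all. It is run here against two constructed in-memory stand-ins for a web application; the names `app_unsafe`, `app_safe`, the URL `http://app.example/search` and the parameter `q` are all hypothetical.

```python
import html
from urllib.parse import urlencode, urlparse, parse_qs

# Harmless marker the probe injects; we only look for it being echoed back.
MARKER = "wasscanmarker7x"


def check_reflection(fetch, base_url, param):
    """Black-box probe: request the page with a marker in `param` and report
    how the response echoes it. `fetch` is any callable url -> body (str),
    so the scanner needs no access to the application's source code."""
    url = f"{base_url}?{urlencode({param: '<' + MARKER + '>'})}"
    body = fetch(url)
    raw = f"<{MARKER}>"                 # input echoed verbatim
    escaped = html.escape(raw)          # input echoed as &lt;...&gt;
    if raw in body:
        return "unescaped-reflection"   # precondition for reflected XSS
    if escaped in body:
        return "escaped-reflection"     # output encoding is in place
    return "not-reflected"


# Constructed stand-ins for two web applications (hypothetical, in-memory).
def app_unsafe(url):
    q = parse_qs(urlparse(url).query).get("q", [""])[0]
    return f"<html><body>Results for {q}</body></html>"


def app_safe(url):
    q = parse_qs(urlparse(url).query).get("q", [""])[0]
    return f"<html><body>Results for {html.escape(q)}</body></html>"


def scan_all():
    """Run the probe against both stand-ins and return a verdict per app."""
    target = "http://app.example/search"
    return {
        "unsafe": check_reflection(app_unsafe, target, "q"),
        "safe": check_reflection(app_safe, target, "q"),
    }


if __name__ == "__main__":
    for name, verdict in scan_all().items():
        print(f"{name}: {verdict}")
```

Pointing `fetch` at a real HTTP client turns the same function into a network probe; the verdict is only evidence of missing output encoding, not proof of an exploitable flaw, which is exactly the false-positive limitation scanners carry.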

Overview

A web application security scanner can facilitate the automated review of a web application with the express purpose of discovering security vulnerabilities, and such scanners are required to comply with various regulatory requirements. Web application scanners can look for a wide variety of vulnerabilities, including:

Strengths and weaknesses

As with all testing tools, web application security scanners are not perfect; they have both strengths and weaknesses.

Weaknesses and limitations

Strengths

Notes

  1. Technical draft - WASC - WASSEC, http://sites.google.com/site/wassec/technical-draft

External links