2. Notice
• This is a short translation from a Korean information security journal, KIISC (Korea Institute of Information Security and Cryptology).
Kumi Sandra, Student, Dongseo Univ
SangGon Lee, Professor, Dongseo Univ
ChaeHo Lim, BitScan/Professor, Dongseo Univ
http://journalhome.ap-northeast-2.elasticbeanstalk.com/journals/jkiisc/digital-library/23308
3. Outline
Introduction
Motivation
Detection of Web Application Vulnerabilities
Critical Web Application Vulnerabilities
Detection of web application
vulnerabilities Application
Experimental Analysis
Conclusions
4. Introduction
In recent years, the popularity of the internet and web applications has rapidly increased. Web servers and web applications have become targets for attackers.
• Attackers use the openness of the internet to disseminate malware in an attempt to infect target systems.
• Attacks on websites or web applications can have a direct and significant impact on organizations and individuals.
5. Motivation
Detection of Web Application Vulnerabilities
• Manual application testing by a specialist is time-consuming and costly.
• Traditional defense strategies such as a Web Application Firewall (WAF) can be exploited and bypassed with automated tools to gain direct access to a web application.
• Existing commercial vulnerability scanners consume a lot of time and resources to detect some vulnerabilities that pose no risk to organizations.
6. Critical web application vulnerabilities
The Open Web Application Security Project (OWASP) Top Ten Project[2] provides a powerful awareness document for web application security. The list focuses on identifying the most critical software risks for a web application. These risks are based on the frequency of discovered security defects, the severity of the vulnerabilities and potential impact on organizations.
7. Detection of web application vulnerabilities
Two main techniques used:
• Static Analysis (White box testing)
• Dynamic Analysis (Black box testing)
Main components of a vulnerability scanner:
• Crawling Component
• Attacking Component
• Analysis Component
8. BitScanner 30 Web Application Vulnerabilities
Risk Level | Description | No | Vulnerability | OWASP | MITRE 25 | Severity Level
Level 1 (High) | RAT (Remote Access Terminal) | 1 | SQL Injection | A1 | 6 | High
 | | 2 | XPATH Injection | | |
 | | 3 | LDAP Injection | | |
 | | 4 | Web Shell | A9 | 16 |
 | | 5 | Shell Shock | | 11 |
 | | 6 | Apache Struts2 | | 3 |
 | | 7 | CVE-2014-6271 | | 11 |
 | | 8 | CVE-2014-6278 | | |
 | | 9 | CVE-2014-6277 | | |
 | | 10 | CVE-2017-5638 | | 3 |
 | | 11 | XXE Vulnerable | A4 | 17 |
Level 2 (Medium) | Data Leakage | 12 | Blind SQL Injection | A1 | 6 |
 | | 13 | SQL Injection Possibility | A1, A3 | |
Level 3 (Low) | External Access | 14 | XSS (Cross Site Script) | A7 | 2 | Medium
 | | 15 | Internal Server Error | A6 | |
 | | 16 | 500 Page Error | | |
Level 4 (Trivial) | Information Reveal | 17 | POST XML Found | A6, A4 | 17 | Low
 | | 18 | Script Error (JavaScript) | A6 | 4 |
 | | 19 | Script Error (Visual Basic Script) | | |
 | | 20 | Validation Error | | |
Level 5 (Informational) | Alerts | 21 | Directory Listing | A2,A3,A5,A6 | 10 |
 | | 22 | Known Directory | A6 | |
 | | 23 | Admin Directory Found | | |
 | | 24 | Cgi Directory Found | A5 | |
 | | 25 | Cgi File Found | | |
 | | 26 | PHP Information Leaked | A3 | 25 |
 | | 27 | File Upload Function Found | A5 | 16 |
 | | 28 | Code Disclosure | A6 | 4 |
 | | 29 | Server Information | A3 | 25 |
 | | 30 | Post Method Allowed | A6 | |
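An added example, not BitScanner's code: a minimal analysis component (the third of the scanner components listed earlier) that classifies already-fetched HTTP responses into row numbers and risk levels from the table above. The match heuristics, the names `Finding`, `header`, `CHECKS` and `analyze`, and the `app.example` responses are assumptions constructed for illustration.

```python
import re
from dataclasses import dataclass

@dataclass(frozen=True)
class Finding:
    no: int       # row number in the BitScanner table
    name: str     # vulnerability name from the table
    level: int    # risk level 1 (high) .. 5 (informational)
    url: str

def header(resp, name):
    """Case-insensitive header lookup; returns '' when absent."""
    return next((v for k, v in resp["headers"].items() if k.lower() == name), "")

# (no, name, level) come from the table; the match rules are this example's
# own heuristics (assumptions), not BitScanner's detection logic.
CHECKS = [
    (16, "500 Page Error", 3, lambda r: r["status"] == 500),
    (21, "Directory Listing", 5,
     lambda r: r["status"] == 200 and re.search(r"<title>Index of /", r["body"], re.I)),
    (26, "PHP Information Leaked", 5,
     lambda r: re.search(r"<title>[^<]*phpinfo\(\)", r["body"], re.I)),
    (29, "Server Information", 5,  # product/version banner such as Apache/2.4.41
     lambda r: re.search(r"/\d", header(r, "server"))),
]

def analyze(responses):
    """Return findings ordered by risk level, then table row number."""
    found = [Finding(no, name, level, r["url"])
             for r in responses
             for no, name, level, match in CHECKS if match(r)]
    return sorted(found, key=lambda f: (f.level, f.no, f.url))

# Constructed responses, in the shape a crawling component might hand over.
SAMPLE = [
    {"url": "http://app.example/", "status": 200,
     "headers": {"Server": "Apache/2.4.41 (Ubuntu)"}, "body": "<title>Home</title>"},
    {"url": "http://app.example/files/", "status": 200,
     "headers": {"Server": "Apache"}, "body": "<title>Index of /files</title>"},
    {"url": "http://app.example/info.php", "status": 200,
     "headers": {}, "body": "<title>PHP 7.4.3 - phpinfo()</title>"},
    {"url": "http://app.example/cart?id=", "status": 500,
     "headers": {}, "body": "Internal Server Error"},
    {"url": "http://app.example/about", "status": 200,
     "headers": {}, "body": "<title>About</title>"},
]

if __name__ == "__main__":
    for f in analyze(SAMPLE):
        print(f"Level {f.level}  #{f.no:<2} {f.name:<24} {f.url}")
```

Ordering by level before row number puts the Level 3 error page ahead of the Level 5 informational alerts, so triage starts with the highest-risk finding.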
10. Experimental Analysis
Comparison of BitScanner with Acunetix
URL of Application | Scanner | VD | Time (mins and seconds)
http://testaspnet.vulnweb.com | BitScanner | 1 | 2mins 22sec
http://testaspnet.vulnweb.com | Acunetix | 65 | 11mins 48sec
http://testhtml5.vulnweb.com | BitScanner | 3 | 1min 5sec
http://testhtml5.vulnweb.com | Acunetix | 47 | 22min 43sec
http://testasp.vulnweb.com | BitScanner | 4 | 1min 11sec
http://testasp.vulnweb.com | Acunetix | 42 | 13mins 3sec
VD: Number of vulnerabilities detected
11. Conclusion
In this research, we presented a scanner that scans for the most important vulnerabilities in web applications. Unlike other scanners, BitScanner gives developers hints about where to fix vulnerabilities in the source code.