Improving Automated Web Application Vulnerability Scanners
Web-based applications provide great advantages for organizations, but from an information security point of view they also bring risks. The impact of those risks is loss of confidentiality, integrity or availability of data. Malicious activities that try to damage the confidentiality, integrity or availability of data are defined as attacks.
Most attacks occur over the web protocol, and most web applications have at least one vulnerability. Vulnerability assessment of web applications is done to improve their security and can be automated with web application vulnerability scanners. However, those scanners cannot detect all security problems, and they produce incorrect test results known as false positives. Analysis and well-known results show that automated vulnerability scanners should be improved.
Since the use of client-side web applications is decreasing, only web applications that run on the server side are covered in this thesis. Accordingly, existing automated vulnerability testing software was examined and suggestions were made to improve its functions. The Arachne software, which consists of ArachneDenetim and ArachneRapor, was developed to confirm those suggestions.
The software addresses lowering false detections by analyzing server behaviour, decreasing unnecessary requests by using improved security audit functions, and testing the application in a shorter time by using an algorithm.
The evaluations determined that Arachne is better than existing vulnerability scanners according to the observed criteria. However, there are still some deficiencies. Suggestions for eliminating those deficiencies are given in the results chapter.
KURU İbrahim
Advisor: Assoc. Prof. Dr. Hülya ÇALIŞKAN
Department: Informatics
Graduation Year: 2006
Thesis Defense Committee: Assoc. Prof. Dr. Hülya ÇALIŞKAN (Advisor)
Asst. Prof. Dr. Sevinç GÜLSEÇEN
Assoc. Prof. Dr. Mehpare TİMOR
Asst. Prof. Dr. Zuhal TANRIKULU
Asst. Prof. Dr. Mesut YALVAÇ