An Efficient Black-Box Vulnerability Scanning Method for Web Application.

Lecture Notes of the Institute for Computer Sciences, Social Informatics, and Telecommunications Engineering (2017)

Abstract
To discover web vulnerabilities before they are exploited by malicious attackers, black-box vulnerability scanners scan all the web pages of a web application. However, a web application implemented by several server-side programs backed by a database can generate a massive number of web pages, making a full scan unaffordably time-consuming. The root cause of a vulnerability is a mis-implemented server-side program, not any particular web page that the program generates. In this paper, an efficient black-box web vulnerability scanning method, handler-ready, is proposed, which focuses scanning on the server-side programs (handlers) rather than on concrete web pages. Handler-ready reduces the HTTP requests for a massive number of web pages to a small number of handlers and gives each handler an even chance of being scanned. Therefore, handler-ready avoids getting stuck on the massive number of web pages generated by the same handler. The experimental results show that the proposed scanning method discovers more vulnerabilities than traditional methods in a limited amount of time.
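The abstract describes two ideas: collapsing many crawled URLs onto the handful of server-side handlers that generate them, and then giving every handler an even share of the scan budget so the scanner does not exhaust its time on thousands of pages from one handler. The following Python sketch is an added illustration of that scheduling idea; it is not the paper's implementation. It assumes a handler can be identified by host, path and the set of query-parameter names (parameter values are treated as page-specific and dropped), and it uses a small constructed crawl result as input. REST-style URLs that carry identifiers in the path would need a path-pattern heuristic that this example does not attempt.

```python
from collections import defaultdict
from urllib.parse import parse_qsl, urlsplit

# Constructed crawl result: 15 product pages from one handler, plus three
# other handlers that each produced only one or two pages.
SAMPLE_URLS = (
    [f"http://shop.example/product.php?id={i}" for i in range(1, 16)]
    + ["http://shop.example/search.php?q=shoes",
       "http://shop.example/search.php?q=hats"]
    + ["http://shop.example/login.php",
       "http://shop.example/admin.php?page="]
)


def handler_key(url):
    """Map a concrete URL to the handler assumed to have generated it.

    Assumption (not from the paper): a handler is identified by scheme, host,
    path and the sorted names of its query parameters. Values are discarded,
    so product.php?id=1 and product.php?id=9 map to the same handler.
    """
    parts = urlsplit(url)
    names = tuple(sorted({k for k, _ in parse_qsl(parts.query, keep_blank_values=True)}))
    return (parts.scheme, parts.netloc, parts.path, names)


def group_by_handler(urls):
    """Bucket crawled URLs by handler, preserving first-seen order of handlers."""
    groups = defaultdict(list)
    for url in urls:
        groups[handler_key(url)].append(url)
    return groups


def schedule(urls, budget):
    """Pick up to `budget` URLs to scan, round-robin across handlers.

    Each pass takes one not-yet-scanned page from every handler, so with a
    budget of N requests the first min(N, #handlers) handlers are all touched
    before any handler receives a second request.
    """
    queues = {key: list(pages) for key, pages in group_by_handler(urls).items()}
    order = []
    while len(order) < budget and any(queues.values()):
        for key in queues:
            if queues[key] and len(order) < budget:
                order.append(queues[key].pop(0))
    return order


def handlers_covered(urls):
    """Distinct handlers reached by a list of scanned URLs."""
    return {handler_key(u) for u in urls}


if __name__ == "__main__":
    budget = 5
    naive = SAMPLE_URLS[:budget]          # page-by-page in crawl order
    ready = schedule(SAMPLE_URLS, budget)  # handler-ready ordering
    print(f"{len(SAMPLE_URLS)} pages collapse to {len(group_by_handler(SAMPLE_URLS))} handlers")
    print(f"naive scan of {budget} pages covers {len(handlers_covered(naive))} handler(s)")
    print(f"handler-ready scan of {budget} pages covers {len(handlers_covered(ready))} handler(s)")
```

With a budget of five requests the crawl-order scan spends all five on `product.php` and never reaches the login or admin handlers, while the round-robin order touches all four handlers and then returns to the product handler for its fifth request. The grouping key is the weak point of any such scheme: if a site encodes the handler in a parameter value (`index.php?action=login`) rather than the path, the key above would merge distinct handlers, so the heuristic has to be adapted to the application's URL style.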
Keywords
Web application, Black-box vulnerability scanner