WIVET-benchmarking coverage qualities of web crawlers
| dc.authorid | 0000-0003-4562-8486 | |
| dc.contributor.author | Tatlı, Emin İslam | |
| dc.contributor.author | Urgun, Bedirhan | |
| dc.date.accessioned | 10.07.201910:49:13 | |
| dc.date.accessioned | 2019-07-10T19:51:33Z | |
| dc.date.available | 10.07.201910:49:13 | |
| dc.date.available | 2019-07-10T19:51:33Z | |
| dc.date.issued | 2017 | |
| dc.department | İstanbul Medipol Üniversitesi, Mühendislik ve Doğa Bilimleri Fakültesi, Elektrik ve Elektronik Mühendisliği Bölümü | |
| dc.description | WOS: 000397192400008 | |
| dc.description.abstract | Web application vulnerability scanners (WAVS) include crawler components to extract all accessible links of tested web pages in order to identify attack entry points and parameters. After extracting links, they perform different types of attacks over each extracted link and try to find out existing vulnerabilities in the tested web application for reporting. A WAVS tool that has a low-quality crawler component would generate false-negative results, since failing to discover existing links would inhibit detection of possible vulnerabilities exposed through these links. Therefore, the coverage quality of its crawler plays a very important role in the success of a WAVS tool. In this paper, we propose a novel method for analyzing and comparing coverage qualities of WAVS crawlers. We developed WIVET (Web Input Vector Extractor Teaser) as a benchmarking tool for analyzing crawler components of WAVS. WIVET evaluates WAVS crawlers based on their extraction capability of 56 target links that are generated statically or dynamically by WIVET's 21 test cases. We explain WIVET's architecture, all WIVET test cases and target links with code examples, integration of WIVET into WAVS development environments and WAVS benchmarking results in detail. | |
| dc.description.sponsorship | TUBITAK, The Scientific and Technical Research Council of Turkey [BIDEB 2232, 114C104] | en_US |
| dc.description.sponsorship | TUBITAK, The Scientific and Technical Research Council of Turkey (grant BIDEB 2232, Project No.: 114C104). | en_US |
| dc.identifier.citation | Tatlı, E. İ. ve Urgun, B. (2017). WIVET-benchmarking coverage qualities of web crawlers. Computer Journal, 60(4), 555-572. https://dx.doi.org/10.1093/comjnl/bxw072 | |
| dc.identifier.doi | 10.1093/comjnl/bxw072 | |
| dc.identifier.endpage | 572 | |
| dc.identifier.issn | 0010-4620 | |
| dc.identifier.issn | 1460-2067 | |
| dc.identifier.issue | 4 | |
| dc.identifier.scopusquality | Q2 | |
| dc.identifier.startpage | 555 | |
| dc.identifier.uri | https://dx.doi.org/10.1093/comjnl/bxw072 | |
| dc.identifier.uri | https://hdl.handle.net/20.500.12511/2238 | |
| dc.identifier.volume | 60 | |
| dc.identifier.wosquality | Q3 | |
| dc.indekslendigikaynak | Web of Science | |
| dc.indekslendigikaynak | Scopus | |
| dc.language.iso | en | |
| dc.publisher | Oxford University Press | |
| dc.relation.ispartof | Computer Journal | en_US |
| dc.relation.publicationcategory | Makale - Uluslararası Hakemli Dergi - Kurum Öğretim Elemanı | |
| dc.rights | info:eu-repo/semantics/closedAccess | |
| dc.subject | Web Security | |
| dc.subject | Web Application Vulnerability Scanner | |
| dc.subject | Black-Box Testing | |
| dc.subject | Web Crawling | |
| dc.subject | Hidden Web | |
| dc.title | WIVET-benchmarking coverage qualities of web crawlers | |
| dc.type | Article |
