The preparation of cross-site scripting in automated web application vulnerability assessment: The quantitative analysis

Abstract

Nowadays, practitioners have automated web application vulnerability assessment to speed up the testing life-cycle. Although this area of research had been widely studied worldwide for decades, however, existing studies show present state-of-the-art of automated web application vulnerability assessment still suffer from limitations of false alarms, which including both false positive and false negative. Therefore, this paper extends present research works by quantitatively analysing the web application security scanners’ quality. The objective is to investigate present state-of-the-art performance in cross-site scripting detection for witnessing the decades of evolution. This paper achieves desired goal using the experimental research method, which the paper had quantitatively analysed six web application security scanner’s performance for clarifying these scanners’ capability in detecting the cross-site scripting. The experiment result shows present state-of-the-art still suffer from limitations of false positive, false negative and redundant test results.