Vulnerability modelling to improve performance of web application vulnerability scanners

Abstract

Although web vulnerability scanners are valuable components when auditing the security of an application or website, they largely lack the ability to identify important vulnerability classes in advance. Therefore, a scanner is needed to help cover a wide range of vulnerability types. A new modelling of Web vulnerabilities is proposed in this article to highlight the input vectors that can convey them in Web applications. The modelling will then be used in the dataset creation phase based on the input vectors that will subsequently be modelled and detailed in this article. The modelling will be considered as the input of the learning system, in order to apply machine-learning techniques later, to optimize the scanners and this by improving the vulnerability detection performances by these tools.