An Improving Way For Website Security Assessment

Abstract

Nowadays, the Internet plays a crucial role in our society. AmongInternet services, web-based services are very popular thatbecome the target of security attacks. Hence, securing websitesand connection to the users is important. If we own or manage awebsite, we certainly concern about how secure it is. Forassessing the security level of a website, we usually take someaction, including testing the website using security scanningtools. Unfortunately, most of scanning tools have limitations andneed to be updated frequently for new vulnerabilities. Using onlyone scanning tool is sometime not enough to determine securitylevel of a website. In this paper we propose a frameworksupporting website security assessment. The idea of thisframework is to integrate different scanning tools into theframework. We then write a program to implement thisframework with a real website. We guide the users how to add anew scanning tool to this framework, manage it and generate afinal report.