ANALYSIS OF METHODS AND MEANS FOR SELECTING AND INTEGRATING VULNERABILITY SCANNERS FOR PENETRATION TESTING OF INTERNET SYSTEMS
DOI:
https://doi.org/10.31891/2219-9365-2024-78-39
Keywords:
web applications, IoT, testing scanners, web scanner evaluation metrics, attack tree
Abstract
With the rapid growth in popularity and use of the Internet over the years, the number of web applications has increased significantly. We use web applications in almost all areas of our lives, including communication, banking, education, and more. Web applications are always available from anywhere there is an Internet connection, allowing us to communicate and collaborate. For private and public organizations, the full or partial transfer of professional activities to cyberspace has increased their vulnerability to cyberattacks. Web applications are popular with hackers because the same features that make them attractive to users also attract hackers. Web applications store large amounts of data that hackers can use for their own purposes. The use of web applications grew further during the COVID-19 pandemic, which changed many areas of people's lives and directly contributed to the emergence of the phenomenon of a cyber pandemic. Existing infrastructures are forced to cope with increased network traffic, making them vulnerable to various types of attacks. The growing use of web applications is not the only factor behind the growth of cyberattacks, however; nowadays we cannot forget about war.
This paper presents the results of a literature review on the integration of vulnerability scanners. Existing approaches to the use of black-box scanners for vulnerability detection are discussed. Metrics and datasets used in evaluating object detection methods in computer vision are analyzed, along with the trends in the development of these methods. The metrics and datasets used in the selection and integration of vulnerability scanners for penetration testing of Internet systems are examined. Conclusions are drawn regarding the applicability of various scanners for vulnerability detection, considering the diversity of technologies used in building Internet systems. Prospective research directions are identified.