{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,6,17]],"date-time":"2025-06-17T04:08:22Z","timestamp":1750133302246,"version":"3.41.0"},"publisher-location":"Cham","reference-count":20,"publisher":"Springer International Publishing","isbn-type":[{"type":"print","value":"9783030781194"},{"type":"electronic","value":"9783030781200"}],"license":[{"start":{"date-parts":[[2021,1,1]],"date-time":"2021-01-01T00:00:00Z","timestamp":1609459200000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springer.com\/tdm"},{"start":{"date-parts":[[2021,1,1]],"date-time":"2021-01-01T00:00:00Z","timestamp":1609459200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2021]]},"DOI":"10.1007\/978-3-030-78120-0_4","type":"book-chapter","created":{"date-parts":[[2021,6,17]],"date-time":"2021-06-17T05:02:49Z","timestamp":1623906169000},"page":"53-65","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":4,"title":["A Performance Assessment of Free-to-Use Vulnerability Scanners - Revisited"],"prefix":"10.1007","author":[{"given":"Ricardo","family":"Ara\u00fajo","sequence":"first","affiliation":[]},{"given":"Ant\u00f3nio","family":"Pinto","sequence":"additional","affiliation":[]},{"given":"Pedro","family":"Pinto","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2021,6,15]]},"reference":[{"key":"4_CR1","doi-asserted-by":"crossref","unstructured":"Aksu, M.U., Altuncu, E., Bicakci, K.: A first look at the usability of openvas vulnerability scanner. In: Workshop on Usable Security (USEC) 2019. NDSS (2019)","DOI":"10.14722\/usec.2019.23026"},{"key":"4_CR2","doi-asserted-by":"publisher","first-page":"453","DOI":"10.1016\/j.procs.2010.12.076","volume":"3","author":"ABM Ali","year":"2011","unstructured":"Ali, A.B.M., Abdullah, M.S., Shakhatreh, A.Y.I., Alostad, J.: SQL-injection vulnerability scanning tool for automatic creation of SQL-injection attacks. Procedia Comput. Sci. 3, 453\u2013458 (2011)","journal-title":"Procedia Comput. Sci."},{"issue":"9","key":"4_CR3","doi-asserted-by":"publisher","first-page":"1842","DOI":"10.1002\/spe.2870","volume":"50","author":"R Amankwah","year":"2020","unstructured":"Amankwah, R., Chen, J., Kudjo, P.K., Towey, D.: An empirical comparison of commercial and open-source web vulnerability scanners. Softw. Pract. Exp. 50(9), 1842\u20131857 (2020)","journal-title":"Softw. Pract. Exp."},{"key":"4_CR4","doi-asserted-by":"crossref","unstructured":"Austin, A., Williams, L.: One technique is not enough: a comparison of vulnerability discovery techniques. In: 2011 International Symposium on Empirical Software Engineering and Measurement, pp. 97\u2013106. IEEE (2011)","DOI":"10.1109\/ESEM.2011.18"},{"key":"4_CR5","unstructured":"Chimmanee, S., Veeraprasit, T., SriphREw, K., Hemanidhi, A.: A performance comparison of vulnerability detection between netclarity auditor and open source nessus. In: Proceeding of the 3rd European Conference of Communications (ECCOM 2012), pp. 280\u2013285 (2012)"},{"key":"4_CR6","unstructured":"Cimpanu, C.: Google open sources Tsunami vulnerability scanner. ZDNet, July 2020. https:\/\/www.zdnet.com\/article\/google-open-sources-tsunami-vulnerability-scanner\/"},{"key":"4_CR7","unstructured":"The MITRE Corporation: Common Vulnerabilities and Exposures (CVE). https:\/\/cve.mitre.org\/. Accessed 10 Feb 2020"},{"key":"4_CR8","doi-asserted-by":"crossref","unstructured":"Daud, N.I., Bakar, K.A.A., Hasan, M.S.M.: A case study on web application vulnerability scanning tools. In: 2014 Science and Information Conference, pp. 595\u2013600. IEEE (2014)","DOI":"10.1109\/SAI.2014.6918247"},{"key":"4_CR9","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"111","DOI":"10.1007\/978-3-642-14215-4_7","volume-title":"Detection of Intrusions and Malware, and Vulnerability Assessment","author":"A Doup\u00e9","year":"2010","unstructured":"Doup\u00e9, A., Cova, M., Vigna, G.: Why Johnny can\u2019t Pentest: an analysis of black-box web vulnerability scanners. In: Kreibich, C., Jahnke, M. (eds.) DIMVA 2010. LNCS, vol. 6201, pp. 111\u2013131. Springer, Heidelberg (2010). https:\/\/doi.org\/10.1007\/978-3-642-14215-4_7"},{"key":"4_CR10","doi-asserted-by":"crossref","unstructured":"Fonseca, J., Vieira, M., Madeira, H.: Testing and comparing web vulnerability scanning tools for SQL injection and XSS attacks. In: 13th Pacific Rim International Symposium on Dependable Computing (PRDC 2007), pp. 365\u2013372. IEEE (2007)","DOI":"10.1109\/PRDC.2007.55"},{"issue":"2","key":"4_CR11","doi-asserted-by":"publisher","first-page":"164","DOI":"10.1016\/j.cose.2011.12.014","volume":"31","author":"H Holm","year":"2012","unstructured":"Holm, H.: Performance of automated network vulnerability scanning at remediating security issues. Comput. Secur. 31(2), 164\u2013175 (2012)","journal-title":"Comput. Secur."},{"issue":"4","key":"4_CR12","doi-asserted-by":"publisher","first-page":"231","DOI":"10.1108\/09685221111173058","volume":"19","author":"H Holm","year":"2011","unstructured":"Holm, H., Sommestad, T., Almroth, J., Persson, M.: A quantitative evaluation of vulnerability scanning. Inf. Manag. Comput. Secur. 19(4), 231\u2013247 (2011)","journal-title":"Inf. Manag. Comput. Secur."},{"key":"4_CR13","doi-asserted-by":"crossref","unstructured":"Kals, S., Kirda, E., Kruegel, C., Jovanovic, N.: Secubat: a web vulnerability scanner. In: Proceedings of the 15th International Conference on World Wide Web, pp. 247\u2013256 (2006)","DOI":"10.1145\/1135777.1135817"},{"issue":"2","key":"4_CR14","first-page":"69","volume":"1","author":"R Kushe","year":"2017","unstructured":"Kushe, R.: Comparative study of vulnerability scanning tools: Nessus vs Retina. Secur. Future 1(2), 69\u201371 (2017)","journal-title":"Secur. Future"},{"key":"4_CR15","doi-asserted-by":"crossref","unstructured":"Mburano, B., Si, W.: Evaluation of web vulnerability scanners based on owasp benchmark. In: 2018 26th International Conference on Systems Engineering (ICSEng), pp. 1\u20136. IEEE (2018)","DOI":"10.1109\/ICSENG.2018.8638176"},{"key":"4_CR16","doi-asserted-by":"crossref","unstructured":"Qianqian, W., Xiangjun, L.: Research and design on web application vulnerability scanning service. In: 2014 IEEE 5th International Conference on Software Engineering and Service Science, pp. 671\u2013674. IEEE (2014)","DOI":"10.1109\/ICSESS.2014.6933657"},{"key":"4_CR17","unstructured":"Rapid7: Free Nexpose Community 1-Year Trial. https:\/\/www.rapid7.com\/info\/nexpose-community"},{"key":"4_CR18","unstructured":"Tenable: Nessus Vulnerability Assessment Tool. https:\/\/www.tenable.com\/products\/nessus. Accessed 10 Feb 2020"},{"key":"4_CR19","doi-asserted-by":"crossref","unstructured":"Wang, Y., Yang, J.: Ethical hacking and network defense: choose your best network vulnerability scanning tool. In: 2017 31st International Conference on Advanced Information Networking and Applications Workshops (WAINA), pp. 110\u2013113 (2017)","DOI":"10.1109\/WAINA.2017.39"},{"key":"4_CR20","unstructured":"Welberg, S.: Vulnerability management tools for cots software-a comparison. Hg. v. University of Twente (2008). https:\/\/research.utwente.nl\/files\/5101819\/Vulnerability_management_tools_for_COTS_software_-_a_comparison_v2.1.pdf"}],"container-title":["IFIP Advances in Information and Communication Technology","ICT Systems Security and Privacy Protection"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-030-78120-0_4","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,16]],"date-time":"2025-06-16T22:02:18Z","timestamp":1750111338000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-030-78120-0_4"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2021]]},"ISBN":["9783030781194","9783030781200"],"references-count":20,"URL":"https:\/\/doi.org\/10.1007\/978-3-030-78120-0_4","relation":{},"ISSN":["1868-4238","1868-422X"],"issn-type":[{"type":"print","value":"1868-4238"},{"type":"electronic","value":"1868-422X"}],"subject":[],"published":{"date-parts":[[2021]]},"assertion":[{"value":"15 June 2021","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"SEC","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"IFIP International Conference on ICT Systems Security and Privacy Protection","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Oslo","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Norway","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2021","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"22 June 2021","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"24 June 2021","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"36","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"sec2021","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/www.ifipsec.org\/2021\/index.html","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Single-blind","order":1,"name":"type","label":"Type","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"EasyChair","order":2,"name":"conference_management_system","label":"Conference Management System","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"112","order":3,"name":"number_of_submissions_sent_for_review","label":"Number of Submissions Sent for Review","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"28","order":4,"name":"number_of_full_papers_accepted","label":"Number of Full Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"0","order":5,"name":"number_of_short_papers_accepted","label":"Number of Short Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"25% - The value is computed by the equation \"Number of Full Papers Accepted \/ Number of Submissions Sent for Review * 100\" and then rounded to a whole number.","order":6,"name":"acceptance_rate_of_full_papers","label":"Acceptance Rate of Full Papers","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"4","order":7,"name":"average_number_of_reviews_per_paper","label":"Average Number of Reviews per Paper","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"3","order":8,"name":"average_number_of_papers_per_reviewer","label":"Average Number of Papers per Reviewer","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"Yes","order":9,"name":"external_reviewers_involved","label":"External Reviewers Involved","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"The conference was held virtually.","order":10,"name":"additional_info_on_review_process","label":"Additional Info on Review Process","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}}]}}