{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,24]],"date-time":"2026-03-24T23:08:46Z","timestamp":1774393726636,"version":"3.50.1"},"reference-count":16,"publisher":"Wiley","license":[{"start":{"date-parts":[[2017,1,1]],"date-time":"2017-01-01T00:00:00Z","timestamp":1483228800000},"content-version":"unspecified","delay-in-days":0,"URL":"http:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"funder":[{"name":"NSTIP Strategic Technologies Program","award":["11-INF1855-02"],"award-info":[{"award-number":["11-INF1855-02"]}]},{"DOI":"10.13039\/501100004919","name":"King Abdulaziz City for Science and Technology","doi-asserted-by":"publisher","award":["11-INF1855-02"],"award-info":[{"award-number":["11-INF1855-02"]}],"id":[{"id":"10.13039\/501100004919","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["Security and Communication Networks"],"published-print":{"date-parts":[[2017]]},"abstract":"<jats:p>The widespread adoption of web vulnerability scanners and the differences in the functionality provided by these tool-based vulnerability detection approaches increase the demand for testing their detection effectiveness. Despite the advantages of dynamic testing approaches, the literature lacks studies that systematically evaluate the performance of open source web vulnerability scanners. The main objectives of this study are to assess the performance of open source scanners from multiple perspectives and to examine their detection capability. This paper presents the results of a comparative evaluation of the security features as well as the performance of four web vulnerability detection tools. We followed this comparative assessment with a case study in which we evaluate the level of agreement between the results reported by two open source web vulnerability scanners. Given that the results of our comparative evaluation did not show significant performance differences among the scanners while the results of the conducted case study revealed high level of disagreement between the reports generated by different scanners, we conclude that the inconsistencies between the reports generated by different scanners might not necessarily correlate with their performance properties. We also present some recommendations for helping developers of web vulnerabilities scanners to improve their tools\u2019 capabilities.<\/jats:p>","DOI":"10.1155\/2017\/6158107","type":"journal-article","created":{"date-parts":[[2017,5,24]],"date-time":"2017-05-24T17:04:34Z","timestamp":1495645474000},"page":"1-14","source":"Crossref","is-referenced-by-count":28,"title":["Performance-Based Comparative Assessment of Open Source Web Vulnerability Scanners"],"prefix":"10.1155","volume":"2017","author":[{"ORCID":"https:\/\/orcid.org\/0000-0003-0920-7561","authenticated-orcid":true,"given":"Mansour","family":"Alsaleh","sequence":"first","affiliation":[{"name":"King Abdulaziz City for Science and Technology, Riyadh, Saudi Arabia"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Noura","family":"Alomar","sequence":"additional","affiliation":[{"name":"College of Computer and Information Sciences, King Saud University, Riyadh, Saudi Arabia"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Monirah","family":"Alshreef","sequence":"additional","affiliation":[{"name":"College of Computer and Information Sciences, King Saud University, Riyadh, Saudi Arabia"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Abdulrahman","family":"Alarifi","sequence":"additional","affiliation":[{"name":"King Abdulaziz City for Science and Technology, Riyadh, Saudi Arabia"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-5874-2611","authenticated-orcid":true,"given":"AbdulMalik","family":"Al-Salman","sequence":"additional","affiliation":[{"name":"College of Computer and Information Sciences, King Saud University, Riyadh, Saudi Arabia"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"311","reference":[{"key":"7","doi-asserted-by":"publisher","DOI":"10.1016\/j.infsof.2011.06.003"},{"key":"13","doi-asserted-by":"publisher","DOI":"10.1109\/MC.2010.159"},{"key":"15","doi-asserted-by":"publisher","DOI":"10.1016\/j.infsof.2006.06.006"},{"key":"32","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-14215-4_7"},{"key":"41","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-40597-6_20"},{"key":"44","doi-asserted-by":"publisher","DOI":"10.1016\/j.infsof.2015.08.002"},{"key":"45","doi-asserted-by":"publisher","DOI":"10.1016\/j.infsof.2013.02.005"},{"key":"47","doi-asserted-by":"publisher","DOI":"10.1371\/journal.pone.0164383"},{"issue":"3","key":"50","first-page":"77","year":"2006","journal-title":"IEEE Security & Privacy"},{"key":"52","doi-asserted-by":"publisher","DOI":"10.1002\/sec.1147"},{"key":"53","doi-asserted-by":"publisher","DOI":"10.1109\/MSP.2006.108"},{"key":"55","doi-asserted-by":"publisher","DOI":"10.1109\/COMST.2017.2651741"},{"key":"56","doi-asserted-by":"publisher","DOI":"10.1109\/MSP.2005.23"},{"key":"59","doi-asserted-by":"publisher","DOI":"10.1016\/j.infsof.2012.11.007"},{"key":"61","doi-asserted-by":"publisher","DOI":"10.1016\/j.comnet.2005.01.003"},{"key":"66","doi-asserted-by":"publisher","DOI":"10.1007\/s00607-017-0546-9"}],"container-title":["Security and Communication Networks"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/downloads.hindawi.com\/journals\/scn\/2017\/6158107.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"http:\/\/downloads.hindawi.com\/journals\/scn\/2017\/6158107.xml","content-type":"application\/xml","content-version":"vor","intended-application":"text-mining"},{"URL":"http:\/\/downloads.hindawi.com\/journals\/scn\/2017\/6158107.pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2017,5,24]],"date-time":"2017-05-24T17:04:39Z","timestamp":1495645479000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.hindawi.com\/journals\/scn\/2017\/6158107\/"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2017]]},"references-count":16,"alternative-id":["6158107","6158107"],"URL":"https:\/\/doi.org\/10.1155\/2017\/6158107","relation":{},"ISSN":["1939-0114","1939-0122"],"issn-type":[{"value":"1939-0114","type":"print"},{"value":"1939-0122","type":"electronic"}],"subject":[],"published":{"date-parts":[[2017]]}}}