cross-site / web applications / Black-box web vulnerability scanners / web application vulnerability scanner / open source Web Input Vector / web application vulnerability scanners / photo-purchasing site / web link extractors / open-source tools / web application / Web application scanners / search functionality / functional web application / web-specific vulnerabilities / web vulnerability scanners / Web application vulnerabilities / real-world applications / realistic web application / administrator web site / e-commerce sites / particular technology / search page / web application vulnerability scanner tests / Web Application Scanners In abstract / Web Vulnerability Scanners Adam Doup´e / educational tools / Web Application Vulnerabilities Web applications / black-box web application vulnerability scanners / client-side technologies / test applications / /
OperatingSystem
XP / Paros / Microsoft Windows / /
Organization
University of California / Santa Barbara / /
Person
Johnny Can / Marco Cova / /
Position
administrator / representative / open source Web Input Vector Extractor / /
Product
WackoPicko / File line Inclusion Injection / Windows XP / The stored SQL injection / Reflected XSS Stored XSS Reflected SQL Injection / SQL injection / Line Injection / /
Why Johnny Can’t Pentest: An Analysis of Black-box Web Vulnerability Scanners Adam Doup´e, Marco Cova, and Giovanni Vigna University of California, Santa Barbara {adoupe,marco,vigna}@cs.ucsb.edu