TY - GEN
T1 - An Empirical Evaluation of the Effectiveness of Spider and Proxy Modes for Web Security Testing
AU - Chiu, Kuan Wei
AU - Yang, Shih Sheng
AU - Lee, Shin Jie
AU - Lee, Wen Tin
N1 - Publisher Copyright:
© 2023 IEEE.
PY - 2023
Y1 - 2023
N2 - Spider and proxy modes are two commonly employed methods supported by dynamic application security testing (DAST) software. Despite efforts to enhance the automated spider's efficiency, deep exploration of web applications is still constrained by the need for manual intervention in certain complex UI operations. In this regard, the proxy mode serves as a crucial intermediary, intercepting and inspecting request messages exchanged between the browser and the web application during manual or scripted browsing activities. This study aims to assess the efficacy of these two modes in terms of code coverage and the number of requests, utilizing two popular PHP-based open-source web applications. The experimental findings demonstrate that employing a hybrid mode (Spider-Last) yields a significant improvement compared to using the spider or proxy mode independently.
AB - Spider and proxy modes are two commonly employed methods supported by dynamic application security testing (DAST) software. Despite efforts to enhance the automated spider's efficiency, deep exploration of web applications is still constrained by the need for manual intervention in certain complex UI operations. In this regard, the proxy mode serves as a crucial intermediary, intercepting and inspecting request messages exchanged between the browser and the web application during manual or scripted browsing activities. This study aims to assess the efficacy of these two modes in terms of code coverage and the number of requests, utilizing two popular PHP-based open-source web applications. The experimental findings demonstrate that employing a hybrid mode (Spider-Last) yields a significant improvement compared to using the spider or proxy mode independently.
UR - http://www.scopus.com/inward/record.url?scp=85179503028&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85179503028&partnerID=8YFLogxK
U2 - 10.1109/DSA59317.2023.00083
DO - 10.1109/DSA59317.2023.00083
M3 - Conference contribution
AN - SCOPUS:85179503028
T3 - Proceedings - 2023 10th International Conference on Dependable Systems and Their Applications, DSA 2023
SP - 587
EP - 588
BT - Proceedings - 2023 10th International Conference on Dependable Systems and Their Applications, DSA 2023
PB - Institute of Electrical and Electronics Engineers Inc.
T2 - 10th International Conference on Dependable Systems and Their Applications, DSA 2023
Y2 - 10 August 2023 through 11 August 2023
ER -