A method for identifying Web applications

摘要

Web applications are ubiquitous in today's busi-nesses. The security of these applications is of utmost impor-tance since security breaches might negatively impact goodreputation, and even result in bankruptcy. There are differentmethods of assessing security of Web applications, mainlybased on some automated method of scanning. One type ofscan method feeds random data to the application and moni-tors its behavior. The other type uses a database with prede-fined vulnerabilities that are checked one by one until eithera vulnerability is found, or it can be claimed that the applica-tion does not have any known vulnerabilities. The importantstep in latter type of scan process is the identification of theapplication since in this case we are narrowing number ofchecks and, as a consequence, the scan process is faster. Thispaper describes a method for Web application identificationbased on a black box principle. Our method is based on theinvariance of certain characteristics of Web applications. Weexperimentally tested and confirmed the usefulness of thisapproach.