A Framework for Website Security Assessment

Abstract

Nowadays, the Internet plays a crucial role in our society. Among Internet services, web-based services are very popular that become the target of security attacks. Hence, securing websites and connection to the users is important. If we own or manage a website, we certainly concern about how secure it is. For assessing the security level of a website, we usually take some action, including testing the website using security scanning tools. Unfortunately, most of scanning tools have limitations and need to be updated frequently for new vulnerabilities. Using only one scanning tool is sometime not enough to determine security level of a website. In this paper we propose a framework supporting website security assessment. The idea of this framework is to integrate different scanning tools into the framework. We then write a program to implement this framework with a real website. We guide the users how to add a new scanning tool to this framework, manage it and generate a final report.