Uma Ferramenta Livre e ExtensíVel Para Detec o de Vulnerabilidades em Sistemas Web

The increasing number of intrusions and data thefts on online systems is one of the triggers of the growing concern about security inside organizations. Nowadays, dynamic and extensible detection tools are required and critical to detect and diagnose vulnerabilities in Web systems. In this paper we present the development and evaluation of a vulnerability scanner for online systems. Unlike most existing tools, it is free and open source, available at SourceForge, and has a modular and extensible architecture. The achieved results show that the proposed tool, called Uniscan, is able to better detect and diagnose vulnerabilities such as LFI, RFI and RCE.