Skip to Main Content
Several vulnerability analysis techniques in web-based applications detect and report on different types of vulnerabilities. However, no single technique provides a generic technology-independent handling of Web-based vulnerabilities. In this paper we present our experience with and experimental exemplification of using the application vulnerability description language (AVDL) to realize a unified data model for technology-independent vulnerability analysis of Web applications. This work is part of a project that is funded by the Centre for Strategic Infocomm Technologies, Ministry of Defence Singapore.