A Comparative Study of Web Application Security Parameters: Current Trends and Future Directions
| Field | Value |
|---|---|
| Author | Jahanzeb Shahid, Muhammad Khurram Hameed, Ibrahim Tariq Javed, Kashif Naseer Qureshi, Moazam Ali, Noel Crespi |
| Language | English |
| Year of publication | 2022 |
| Subject | Fluid Flow and Transfer Processes; Process Chemistry and Technology; General Engineering; General Materials Science; security vulnerabilities; NIST; OWASP; OWASP top 10; evaluation; comparison analysis; web application scanners; SQL injection; cross-site scripting; broken authentication; sensitive data exposure; XML injection; security misconfiguration; insecure deserialization; insufficient logging and monitoring; automated vulnerability detection; Instrumentation; Computer Science Applications |
| Source | Applied Sciences; Volume 12; Issue 8; Pages: 4077 |
| ISSN | 2076-3417 |
| DOI | 10.3390/app12084077 |
| Description | The growing use of the internet has resulted in an exponential rise in the use of web applications. Businesses, industries, financial and educational institutions, and the general populace depend on web applications. This mammoth rise in their usage has also resulted in many security issues that make these web applications vulnerable, thereby affecting the confidentiality, integrity, and availability of the associated information systems. It has, therefore, become necessary to find vulnerabilities in these information system resources to guarantee information security. A publicly available web application vulnerability scanner is a computer program that assesses web application security by employing automated penetration testing techniques, which reduce the time, cost, and resources required for web application penetration testing and eliminate test engineers’ dependency on human knowledge. However, these security scanners have various weaknesses, such as failing to scan complete web applications and generating wrong test results. Moreover, intensive research has been carried out to quantitatively enumerate web application security scanners’ results in order to inspect their effectiveness and limitations. However, the findings show that no well-defined method or criteria are available for assessing their results. In this research, we have evaluated the performance of web application vulnerability scanners by testing intentionally vulnerable applications and measuring the level of their respective precision and accuracy. This was achieved by classifying the analyzed tools using the most common parameters. The evaluation is based on a list of vulnerabilities extracted from OWASP (Open Web Application Security Project). |
| Database | OpenAIRE |
| External link | |