A Comparative Study of Web Application Security Scanners for Vulnerability Detection

Hasan Abualese*, Thamer Al-Rousan**
* The World Islamic Sciences and Education University, Amman, Jordan.
** Isra University, Jordan.
Periodicity: April - June 2023
DOI : https://doi.org/10.26634/jse.17.4.19813

Abstract

A Web Vulnerability Scanner (WVS) is a software tool that assesses the security of web applications by running automated penetration tests. It speeds up testing, reduces its cost, and reduces reliance on specialized testing engineers. This study evaluates the vulnerability detection capabilities of six WVSs (three commercial and three open-source). The goal is to identify and mitigate potential security risks before malicious users exploit them. The study used two well-known deliberately vulnerable web applications and four metrics: accuracy, recall, precision, and the range of vulnerability classes each scanner detects, using the Open Web Application Security Project (OWASP) as the reference classification.
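The abstract names accuracy, recall and precision without saying how scanner output is matched against a vulnerable application's known flaws. The following added example (not code from the paper) shows one way to do that scoring: each finding is keyed by (page, parameter, vulnerability class), compared against a ground-truth list, and then rolled up per OWASP Top 10 (2021) category. The injection points, ground truth, the mapping of classes to OWASP categories, and the two scanner reports ("ScanA" and "ScanB") are all constructed, hypothetical data. Note the caveat the abstract glosses over: precision and recall need only the positives, but accuracy needs true negatives, so it is only defined relative to an explicit universe of tested (page, parameter, class) combinations.

```python
"""Score web vulnerability scanner reports against a ground truth.

All data below is constructed for illustration: the injection points,
ground truth, OWASP mapping and the reports of the hypothetical scanners
"ScanA" and "ScanB" are not results from the paper or any real tool.
"""
from dataclasses import dataclass
from typing import Dict, FrozenSet, Tuple

# A finding is identified by (page, parameter, vulnerability class).
Finding = Tuple[str, str, str]

# Assumed mapping of vulnerability classes to OWASP Top 10 (2021) categories.
OWASP_CATEGORY = {
    "sqli": "A03:2021 Injection",
    "xss": "A03:2021 Injection",
    "cmdi": "A03:2021 Injection",
    "idor": "A01:2021 Broken Access Control",
    "path_traversal": "A01:2021 Broken Access Control",
    "weak_session": "A07:2021 Identification and Authentication Failures",
}

# Constructed test universe: every (page, parameter) the scanner exercises,
# crossed with every class looked for. True negatives, and therefore
# accuracy, are only defined relative to this universe.
INJECTION_POINTS = [
    ("/login.php", "username"), ("/login.php", "password"),
    ("/search.php", "q"), ("/profile.php", "id"),
    ("/download.php", "file"), ("/ping.php", "host"),
]
UNIVERSE: FrozenSet[Finding] = frozenset(
    (page, param, cls) for page, param in INJECTION_POINTS for cls in OWASP_CATEGORY
)

# Constructed ground truth: the flaws deliberately built into the test app.
GROUND_TRUTH: FrozenSet[Finding] = frozenset({
    ("/login.php", "username", "sqli"),
    ("/search.php", "q", "xss"),
    ("/search.php", "q", "sqli"),
    ("/profile.php", "id", "idor"),
    ("/download.php", "file", "path_traversal"),
    ("/ping.php", "host", "cmdi"),
})

# Constructed reports from two hypothetical scanners.
REPORTS: Dict[str, FrozenSet[Finding]] = {
    "ScanA": frozenset({
        ("/login.php", "username", "sqli"),
        ("/search.php", "q", "xss"),
        ("/search.php", "q", "sqli"),
        ("/ping.php", "host", "cmdi"),
        ("/login.php", "password", "xss"),   # false positive
    }),
    "ScanB": frozenset({
        ("/search.php", "q", "xss"),
        ("/profile.php", "id", "idor"),
        ("/download.php", "file", "path_traversal"),
        ("/search.php", "q", "idor"),        # false positive
        ("/login.php", "password", "sqli"),  # false positive
    }),
}


@dataclass(frozen=True)
class Score:
    tp: int
    fp: int
    fn: int
    tn: int

    @property
    def precision(self) -> float:
        return self.tp / (self.tp + self.fp) if self.tp + self.fp else 0.0

    @property
    def recall(self) -> float:
        return self.tp / (self.tp + self.fn) if self.tp + self.fn else 0.0

    @property
    def accuracy(self) -> float:
        total = self.tp + self.fp + self.fn + self.tn
        return (self.tp + self.tn) / total if total else 0.0


def score(report: FrozenSet[Finding], truth: FrozenSet[Finding],
          universe: FrozenSet[Finding]) -> Score:
    """Confusion matrix of one scanner report against the ground truth."""
    tp = len(report & truth)
    fp = len(report - truth)          # reported, but not a real flaw
    fn = len(truth - report)          # real flaw the scanner missed
    tn = len(universe - truth - report)  # clean point correctly left alone
    return Score(tp, fp, fn, tn)


def owasp_coverage(report: FrozenSet[Finding],
                   truth: FrozenSet[Finding]) -> Dict[str, float]:
    """Per OWASP category, the fraction of known flaws the scanner found."""
    hits: Dict[str, list] = {}
    for finding in truth:
        cat = OWASP_CATEGORY[finding[2]]
        found, total = hits.get(cat, (0, 0))
        hits[cat] = (found + (finding in report), total + 1)
    return {cat: found / total for cat, (found, total) in hits.items()}


def evaluate(reports=REPORTS, truth=GROUND_TRUTH, universe=UNIVERSE):
    """Score every scanner: {name: (Score, {owasp_category: coverage})}."""
    return {name: (score(r, truth, universe), owasp_coverage(r, truth))
            for name, r in reports.items()}


if __name__ == "__main__":
    for name, (s, cov) in evaluate().items():
        print(f"{name}: TP={s.tp} FP={s.fp} FN={s.fn} TN={s.tn} "
              f"P={s.precision:.2f} R={s.recall:.2f} Acc={s.accuracy:.3f}")
        for cat, frac in sorted(cov.items()):
            print(f"  {cat}: {frac:.0%}")
```

With this constructed data ScanA has the higher precision and recall while ScanB finds the access-control flaws ScanA misses entirely, which is why a per-category view matters alongside the aggregate metrics. Accuracy here is inflated by the 30 clean combinations in the universe; enlarge the universe and both scanners' accuracy climbs without either getting better, so accuracy should be read only together with the universe definition.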

Keywords

Web Applications, Evaluation, Vulnerabilities, Web Vulnerability Scanners, Vulnerability Detection.

How to Cite this Article?

Abualese, H., and Al-Rousan, T. (2023). A Comparative Study of Web Application Security Scanners for Vulnerability Detection. i-manager’s Journal on Software Engineering, 17(4), 1-8. https://doi.org/10.26634/jse.17.4.19813
