Authors:
Jarupunphol Pita, Seatun Suppachochai, Buathong Wipawan
Abstract
This research measured the performance of two vulnerability assessment tools, Burp Suite and OWASP ZAP, against a university web application. Three measurement criteria were used: (1) the number of vulnerabilities classified under risk and confidence metrics, (2) the number of vulnerability types and URL alerts classified under risk and confidence metrics, and (3) the number of vulnerabilities mapped to the 2021 OWASP Top 10 categories. Results showed that Burp Suite detected more vulnerabilities and alerts than OWASP ZAP, with a higher proportion of high-risk vulnerabilities, whereas OWASP ZAP reported a higher proportion of medium-confidence vulnerabilities. The comparison also revealed that the vulnerabilities identified by the two tools were ranked differently within the OWASP Top 10, and that the tools prioritised risk differently. Despite these differences, the vulnerability assessment results obtained from these tools remain helpful to the university's security analysts and administration, since mitigating cyber threats to the web application is paramount.
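The three measurement criteria in the abstract reduce to a normalisation problem: the two scanners report risk and confidence on different scales and only one of them tags findings with an OWASP Top 10 category, so counts are only comparable once both reports are mapped onto one schema. The script below is an added worked example, not code from the paper or from either tool's project. The ZAP JSON keys (riskcode, confidence, tags, instances.uri) and Burp XML elements (name, host, path, severity, confidence) follow the tools' standard export formats as assumed here; check them against the reports your versions emit. The sample reports, the hostname app.example.edu and the manual Top 10 mapping for the Burp findings are constructed for the example.

```python
"""Tabulate OWASP ZAP and Burp Suite findings by risk, confidence,
alert type / URL, and OWASP Top 10 (2021) category.

Added example, not code from the paper. Field names are assumptions
based on the tools' standard exports; sample reports are constructed.
"""
import xml.etree.ElementTree as ET
from collections import Counter

# Normalise both tools onto one scale so the counts are comparable.
ZAP_RISK = {"0": "Informational", "1": "Low", "2": "Medium", "3": "High"}
ZAP_CONF = {"0": "False Positive", "1": "Low", "2": "Medium", "3": "High"}
BURP_RISK = {"Information": "Informational", "Low": "Low",
             "Medium": "Medium", "High": "High"}
BURP_CONF = {"Tentative": "Low", "Firm": "Medium", "Certain": "High"}

# Constructed ZAP JSON report, as json.load would return it.
SAMPLE_ZAP_REPORT = {"site": [{"@name": "https://app.example.edu", "alerts": [
    {"alert": "Cross Site Scripting (Reflected)", "riskcode": "3", "confidence": "2",
     "tags": {"OWASP_2021_A03": "x", "OWASP_2017_A07": "x", "CWE-79": "x"},
     "instances": [{"uri": "https://app.example.edu/search?q=1"},
                   {"uri": "https://app.example.edu/news?id=2"}]},
    {"alert": "Missing Anti-clickjacking Header", "riskcode": "2", "confidence": "2",
     "tags": {"OWASP_2021_A05": "x", "OWASP_2017_A06": "x"},
     "instances": [{"uri": "https://app.example.edu/"}]},
]}]}

# Constructed Burp Suite XML export, reduced to the elements used here.
SAMPLE_BURP_XML = """<issues>
  <issue><name>Cross-site scripting (reflected)</name>
    <host>https://app.example.edu</host><path>/search</path>
    <severity>High</severity><confidence>Certain</confidence></issue>
  <issue><name>SQL injection</name>
    <host>https://app.example.edu</host><path>/login</path>
    <severity>High</severity><confidence>Firm</confidence></issue>
  <issue><name>Strict transport security not enforced</name>
    <host>https://app.example.edu</host><path>/</path>
    <severity>Low</severity><confidence>Certain</confidence></issue>
</issues>"""

# The Burp export carries no OWASP Top 10 tag in this example, so the
# mapping is supplied by hand (an assumed mapping), which is exactly
# where the two tools' Top 10 rankings can diverge.
BURP_TOP10 = {"Cross-site scripting (reflected)": "OWASP_2021_A03",
              "SQL injection": "OWASP_2021_A03",
              "Strict transport security not enforced": "OWASP_2021_A05"}


def parse_zap(report):
    """One record per alert instance (ZAP groups instances under one alert)."""
    out = []
    for site in report["site"]:
        for alert in site["alerts"]:
            cats = sorted(t for t in alert.get("tags", {}) if t.startswith("OWASP_2021_"))
            for inst in alert["instances"]:
                out.append({"name": alert["alert"], "url": inst["uri"],
                            "risk": ZAP_RISK[alert["riskcode"]],
                            "confidence": ZAP_CONF[alert["confidence"]],
                            "top10": cats[0] if cats else None})
    return out


def parse_burp(xml_text, top10_map):
    """One record per <issue>; Burp already emits one issue per location."""
    out = []
    for issue in ET.fromstring(xml_text).iter("issue"):
        name = issue.findtext("name")
        out.append({"name": name,
                    "url": issue.findtext("host") + issue.findtext("path"),
                    "risk": BURP_RISK[issue.findtext("severity")],
                    "confidence": BURP_CONF[issue.findtext("confidence")],
                    "top10": top10_map.get(name)})
    return out


def summarise(findings):
    """The three criteria: risk/confidence counts, type and URL-alert counts, Top 10 counts."""
    return {"by_risk": dict(Counter(f["risk"] for f in findings)),
            "by_confidence": dict(Counter(f["confidence"] for f in findings)),
            "types": len({f["name"] for f in findings}),
            "url_alerts": len({(f["name"], f["url"]) for f in findings}),
            "top10": dict(Counter(f["top10"] or "unmapped" for f in findings))}


if __name__ == "__main__":
    for tool, findings in (("zap", parse_zap(SAMPLE_ZAP_REPORT)),
                           ("burp", parse_burp(SAMPLE_BURP_XML, BURP_TOP10))):
        print(tool, summarise(findings))
```

Two design points matter when reproducing this kind of comparison. First, ZAP counts are taken per instance rather than per alert, so that a "URL alert" means the same thing for both tools; counting ZAP alerts instead would understate it relative to Burp. Second, any finding without a Top 10 tag is kept under "unmapped" rather than dropped, because the tool-to-Top-10 mapping is itself a source of the ranking differences the abstract reports.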
Publisher
Universiti Putra Malaysia
Subject
General Earth and Planetary Sciences, General Environmental Science
Cited by
1 article.