Affiliation:
1. The World Islamic Sciences and Education University
2. Isra University
Abstract
A Web Vulnerability Scanner (WVS) is a software tool that assesses the security of web applications by conducting automated penetration tests. It speeds up the process, reduces costs, and eliminates the need for specialized testing engineers. This study evaluates the vulnerability detection capabilities of six WVSs: three commercial scanners and three open-source scanners. The goal is to identify and mitigate potential security risks before they are exploited by malicious users. The study employed two well-known vulnerable web applications and four relevant metrics, such as detection accuracy, recall, precision, and the ability to detect different vulnerabilities, using the Open Web Application Security Project (OWASP) as a reference.
Subject
General Earth and Planetary Sciences, General Environmental Science