Evaluation of information security in web application through penetration testing techniques using OWASP risk methodology

Chinekezi Chinyere Echefunna, Jude Osamor, Celestine Iwendi, Pius Owoh, Moses Ashawa, Anand Philip

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution


Abstract

Web applications are indispensable to today's business operations. The emergence of e-commerce platforms, online finance, and social networking websites has significantly transformed how we interact, communicate, and do business. This growing dependence on web applications has raised the likelihood of cyber threats and attacks, so it is of the utmost importance to implement robust security measures that protect sensitive data and reduce intrusions. Drawing on evidence from penetration testing techniques, tools and the OWASP risk methodology, this study demonstrates the inherent limitations of relying exclusively on a single scanning tool, as shown by the differing results obtained when several techniques and tools are applied to the same target. It argues that the most effective way to identify and remediate web application vulnerabilities is a comprehensive testing approach that combines different kinds of vulnerability scanners and techniques. These differences are especially evident when grey box testing is used together with manual and automated scanning tools such as Acunetix, Invicti, Burp Suite Professional, and OWASP ZAP, and the tools are compared on factors such as vulnerability coverage, scanning speed, vulnerability detection, and false positive rate. By adopting the method described, the security community can obtain reliable information to support informed decisions when selecting penetration testing techniques and tools to effectively secure websites, applications, and the information they hold.
Original language: English
Title of host publication: Proceedings of the 2024 International Conference on Advances in Computing Research on Science Engineering and Technology (ACROSET)
Publisher: Institute of Electrical and Electronics Engineers Inc.
Number of pages: 21
ISBN (Electronic): 9798350388800
ISBN (Print): 9798350388817
DOIs
Publication status: Published - 12 Nov 2024
Event: 2024 International Conference on Advances in Computing Research on Science Engineering and Technology - Acropolis Institute of Technology and Research (& Online), Indore, India
Duration: 27 Sept 2024 to 28 Sept 2024
https://www.acroset.in/ (Link to conference website)

Conference

Conference: 2024 International Conference on Advances in Computing Research on Science Engineering and Technology
Abbreviated title: ACROSET 2024
Country/Territory: India
City: Indore
Period: 27/09/24 to 28/09/24
Internet address: https://www.acroset.in/

Keywords

  • Data Breach
  • Information security
  • Malicious
  • OWASP
  • Penetration testing techniques
  • Scanning
  • Web Application

ASJC Scopus subject areas

  • Artificial Intelligence
  • Computer Networks and Communications
  • Computer Science Applications
  • Information Systems and Management
  • Engineering (miscellaneous)
  • Control and Optimization
  • Health Informatics
