Abstract
Web applications are indispensable to today's business operations. The emergence of e-commerce platforms, online finance, and social networking websites has significantly transformed our interactions, communication, and business practices. This growing dependence on web applications has increased the likelihood of cyber threats and attacks. Therefore, it is of the utmost importance to implement robust security measures to protect sensitive data and reduce intrusions. Incorporating evidence from penetration testing techniques, tools, and the OWASP risk methodology, this study demonstrates the inherent limitations of relying exclusively on a single scanning tool, as evidenced by the different results obtained when using several different techniques and tools. It argues that the most effective technique for identifying and remediating web application vulnerabilities is to implement a comprehensive testing technique that incorporates different kinds of vulnerability scanners and techniques. These concerns are especially evident when using grey box testing techniques along with manual and automated scanning tools such as Acunetix, Invicti, Burp Suite Professional, and OWASP ZAP to evaluate factors such as vulnerability coverage, scanning speed, vulnerability detection, and false positive rate. By adopting the method described, the security community can obtain reliable information that will help them make informed decisions when selecting penetration testing techniques and tools to effectively secure websites and application information.
Original language | English |
---|---|
Title of host publication | Proceedings of the 2024 International Conference on Advances in Computing Research on Science Engineering and Technology (ACROSET) |
Publisher | Institute of Electrical and Electronics Engineers Inc. |
Number of pages | 21 |
ISBN (Electronic) | 9798350388800 |
ISBN (Print) | 9798350388817 |
Publication status | Published - 12 Nov 2024 |
Event | 2024 International Conference on Advances in Computing Research on Science Engineering and Technology - Acropolis Institute of Technology and Research (& Online), Indore, India. Duration: 27 Sept 2024 → 28 Sept 2024. https://www.acroset.in/ (Link to conference website) |
Conference
Conference | 2024 International Conference on Advances in Computing Research on Science Engineering and Technology |
---|---|
Abbreviated title | ACROSET 2024 |
Country/Territory | India |
City | Indore |
Period | 27/09/24 → 28/09/24 |
Keywords
- Data Breach
- Information security
- Malicious
- OWASP
- Penetration testing techniques
- Scanning
- Web Application
ASJC Scopus subject areas
- Artificial Intelligence
- Computer Networks and Communications
- Computer Science Applications
- Information Systems and Management
- Engineering (miscellaneous)
- Control and Optimization
- Health Informatics