Evaluation of Web Application Vulnerability Scanner for Modern Web Application

Azwar Al Anhar, Yohan Suryanto

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

2 Citations (Scopus)

Abstract

Current needs and developments encourage the increasing use of digital applications. One example is the web-based application, which is easy to access and widely used by today's society. Along with these developments, it is common for web applications to contain vulnerabilities that their owners are unaware of. This creates the risk of data leakage or damage to the reputation of the organization that owns the application. In addition, the number of web applications owned by an organization or company makes it challenging to find vulnerabilities in them. This is due to the time and resource constraints on conducting manual assessments. Therefore, it is necessary to use a web application vulnerability scanner, which performs vulnerability scanning automatically, to help streamline the search for vulnerabilities. Many web application vulnerability scanners are available, either free or commercial. This study evaluated the capabilities of Web Application Vulnerability Scanner (WAVS) tools such as OWASP ZAP, Wapiti, Arachni, and Burp Suite Professional against NodeJS-based benchmark targets, namely Damn Vulnerable NodeJS Application (DVNA) and NodeGoat. The study found that the four WAVS have an average F-measure value between 0.4 and 0.6. Burp Suite Professional had the best True Positive (TP) and Recall values, while Arachni achieved a perfect Precision value for both benchmark targets.

Original language: English
Title of host publication: ICAICST 2021 - 2021 International Conference on Artificial Intelligence and Computer Science Technology
Publisher: Institute of Electrical and Electronics Engineers Inc.
Pages: 200-204
Number of pages: 5
ISBN (Electronic): 9781665424042
Publication status: Published - 29 Jun 2021
Event: 2021 International Conference on Artificial Intelligence and Computer Science Technology, ICAICST 2021 - Virtual, Online
Duration: 29 Jun 2021 → …

Publication series

Name: ICAICST 2021 - 2021 International Conference on Artificial Intelligence and Computer Science Technology

Conference

Conference: 2021 International Conference on Artificial Intelligence and Computer Science Technology, ICAICST 2021
City: Virtual, Online
Period: 29/06/21 → …

Keywords

  • application
  • scanner
  • security
  • vulnerability
  • web
