Comparative analysis of the effectiveness of OWASP ZAP, Burp Suite, Nikto and Skipfish in testing the security of web applications

Aleksandra Kondraciuk; Aleksandra Bartos; Beata Pańczyk

doi:10.35784/jcsi.2929

Open full text

PDF

Published: Sep 30, 2022

DOI: https://doi.org/10.35784/jcsi.2929

DOI

https://doi.org/10.35784/jcsi.2929

Authors

Aleksandra Kondraciuk

aleksandra.kondraciuk@pollub.edu.pl

Lublin University of Technology

Aleksandra Bartos

aleksandra.bartos@pollub.edu.pl

Lublin University of Technology

Beata Pańczyk

b.panczyk@pollub.pl

Lublin University of Technology

https://orcid.org/0000-0001-8908-8501

Abstract

Application security is one of the key aspects necessary for its proper functioning. Ensuring security consists primarily in conducting regular penetration tests and checking the vulnerability of the application to various types of attacks. The recommended solution is to use tools dedicated to detecting security holes in applications. Choosing the right tool from among those available on the market can be difficult. This article presents a comparative analysis of the effectiveness of popular application security testing tools in terms of the number of detected vulnerabilities. The analysis was based on the obtained results of scanning two Internet applications containing a number of security vulnerabilities, used to learn ethical hacking.

Keywords:

application security, penetration tests, testing tools

References

D.D. Bertoglio, A.F. Zorzo, Overview and open issues on penetration test, Journal of the Brazilian Computer Society volume 23, Article number 2 (2017) 1-2. DOI: https://doi.org/10.1186/s13173-017-0051-1

Spis narzędzi służących do skanowania bezpieczeństwa polecanych przez OWASP, https://owasp.org/www-community/Vulnerability_Scanning_Tools, [02.2022].

R. Devi, M. Kumar, Testing for Security Weakness of Web Applications using Ethical Hacking, 2020 4th International Conference on Trends in Electronics and Informatics (2020) 354, 358-360. DOI: https://doi.org/10.1109/ICOEI48184.2020.9143018

D. Sagar, S. Kukreja, J. Brahma, S. Tyagi, P. Jain, Studying Open Source Vulnerability Scanners For Vulnerabilities In Web Applications, Accendere KMS Services Pvt. Ltd, New Delhi, INDIA (2018) 43-49.

B. Mburano, W. Si, Evaluation of Web Vulnerability Scanners Based on OWASP Benchmark, 2018 26th International Conference on Systems Engineering (2018) 1-2. DOI: https://doi.org/10.1109/ICSENG.2018.8638176

Dokumentacja i kod źródłowy aplikacji bWAPP, https://sourceforge.net/projects/bwapp/files/bWAPP/, [03.2022].

Dokumentacja i kod źródłowy aplikacji Mutillidae, https://github.com/webpwnized/mutillidae, [03.2022].

M. El, E. McMahon, S. Samtani, M. Patton, H. Chen, Benchmarking vulnerability scanners: An experiment on SCADA devices and scientific instruments, IEEE International Conference on Intelligence and Security Informatics (ISI) (2017) 83-85. DOI: https://doi.org/10.1109/ISI.2017.8004879

S. Tyagi, K. Kumar, Evaluation of Static Web Vulnerability Analysis Tools, 2018 Fifth International Conference on Parallel, Distributed and Grid Computing (PDGC) (2018) 1-3. DOI: https://doi.org/10.1109/PDGC.2018.8745996

Kondraciuk, A., Bartos, A., & Pańczyk, B. (2022). Comparative analysis of the effectiveness of OWASP ZAP, Burp Suite, Nikto and Skipfish in testing the security of web applications. Journal of Computer Sciences Institute, 24, 176–180. https://doi.org/10.35784/jcsi.2929

Article Sidebar

Main Article Content

DOI

Authors

Abstract

Keywords:

References

Article Details

License