Web Application Vulnerability Assessment Tools Analysis

Thumbnail Image

Files

Wakhale_umbc_0434M_11897.pdf (2.59 MB)

Links to Files

Permanent Link

http://hdl.handle.net/11603/20778

Collections

UMBC Theses and Dissertations
UMBC Computer Science and Electrical Engineering Department
UMBC Graduate School
UMBC Student Collection

Author/Creator

Author/Creator ORCID

Date

2018-01-01

Type of Work

theses
Text
application:pdf

Department

Computer Science and Electrical Engineering

Program

Computer Science

Citation of Original Publication

Rights

Distribution Rights granted to UMBC by the author.
Access limited to the UMBC community. Item may possibly be obtained via Interlibrary Loan thorugh a local library, pending author/copyright holder's permission.
This item is likely protected under Title 17 of the U.S. Copyright Law. Unless on a Creative Commons license, for uses protected by Copyright Law, contact the copyright holder or the author.

Subjects

Abstract

In this era, with plethora of web applications and increasing amount of consumers using web applications for different purposes, it becomes very important to protect them from several web vulnerabilities present on the INTERNET. Web applications process large amount of data which they store it in a back-end database server where confidential data like username, password, credit-card information sits. Web applications usually interacts with customers and there is huge dependencies between customers and the server and this dependency introduces huge security holes which can be exploited by a hacker to steal the data [16]. The most common way to find vulnerability in the web application is to perform Vulnerability Assessment and Penetration testing (VAPT) on web application. According to OWASP [16],the most efficient way of securing web application is to manual code review. The drawback of doing manual review is that it requires expert skills and it is very time consuming and hence enterprises uses automated tools to scan the systems and find vulnerabilities in them. Web application scanners are automated tools that scans the web application to detect unknown vulnerabilities in the application. This technique is usually referred as Dynamic Application Security Testing.There are several tools available in the market that does security testing on web applications and gives you detailed report on all the security loopholes present in the system [16]. It requires deep insight and understanding to deal with web application security not because of the many tools that are available, but because it is still in nascent stage. Hence, it becomes really important to find proper tools to scan the web applications and find vulnerabilities present in the system. Most tools available in the market, both open source and paid commercial, confines themselves to the specific set of vulnerabilities in which they are expert.For example, some tools are best designed to find SQL injection in the system while some are good in finding cross-scripting or CSRF. Hence, it becomes important to find the right tools which takes into the consideration of development environment, needs and most importantly web application complexity. This research propose a detailed report on some of the most commonly used tools in the market and their efficiency in finding out the vulnerabilities in the web application and the technique they used to find out the security loopholes present in the application. We discuss several efficient tools along with their advantages and disadvantages, techniques they use and most importantly, their efficiency to detect vulnerabilities in the application. It evaluates all the tools and give recommendation to the developer and user of the web application. It also analyzes whether the development and hosting environment of the application affects its security or not.