Statistical Analysis of Unique Web Application Vulnerabilities: A Quantitative Assessment of Scanning Tool Efficiency
Web application security is a critical aspect of modern cybersecurity, necessitating efficient and reliable vulnerability detection mechanisms. This study presents a quantitative analysis of unique web application vulnerabilities detected by four automated scanning tools: Nessus, Acunetix, OWASP ZAP...
| Main Authors: | Zogaj Gani, Ismaili Florie, Idrizi Ermira, Luma Artan |
|---|---|
| Format: | Article |
| Language: | English |
| Published: | Sciendo, 2025-06-01 |
| Series: | SEEU Review |
| Subjects: | |
| Online Access: | https://doi.org/10.2478/seeur-2025-0021 |
| _version_ | 1850082311634157568 |
|---|---|
| author | Zogaj Gani; Ismaili Florie; Idrizi Ermira; Luma Artan |
| author_facet | Zogaj Gani; Ismaili Florie; Idrizi Ermira; Luma Artan |
| author_sort | Zogaj Gani |
| collection | DOAJ |
| description | Web application security is a critical aspect of modern cybersecurity, necessitating efficient and reliable vulnerability detection mechanisms. This study presents a quantitative analysis of unique web application vulnerabilities detected by four automated scanning tools: Nessus, Acunetix, OWASP ZAP, and BeSECURE. We scanned 67 web applications and sorted the vulnerabilities we found into four categories: Critical, High, Medium, and Low. This study evaluates each tool’s effectiveness and reliability using mean and standard deviation, providing key insights into their performance consistency. Using straightforward statistical methods, we aim to determine which scanning tool performs best in finding vulnerabilities while maintaining consistent results across different web applications. Additionally, the analysis offers comparative insights into the performance variations among these tools, highlighting their strengths and limitations. The study paper contributes to strategic decision-making in cybersecurity, enabling organizations to select the most effective tools for vulnerability assessment. The findings demonstrate that OWASP ZAP exhibits superior detection capabilities and consistency across various severity levels, while integrating tools like Nessus, BeSECURE, and Acunetix enhances vulnerability detection, with Nessus excelling in identifying critical and high-severity vulnerabilities. |
| format | Article |
| id | doaj-art-b91cee7d25f642e5af63379243b929ee |
| institution | DOAJ |
| issn | 1857-8462 |
| language | English |
| publishDate | 2025-06-01 |
| publisher | Sciendo |
| record_format | Article |
| series | SEEU Review |
| spelling | doaj-art-b91cee7d25f642e5af63379243b929ee; 2025-08-20T02:44:33Z; eng; Sciendo; SEEU Review; 1857-8462; 2025-06-01; 20; 1; 136; 152; 10.2478/seeur-2025-0021; Statistical Analysis of Unique Web Application Vulnerabilities: A Quantitative Assessment of Scanning Tool Efficiency; Zogaj Gani (0), Ismaili Florie (1), Idrizi Ermira (2), Luma Artan (3); 1, 2, 3, 4: Faculty of Contemporary Sciences and Technologies, South East European University, Tetovo, North Macedonia; Web application security is a critical aspect of modern cybersecurity, necessitating efficient and reliable vulnerability detection mechanisms. This study presents a quantitative analysis of unique web application vulnerabilities detected by four automated scanning tools: Nessus, Acunetix, OWASP ZAP, and BeSECURE. We scanned 67 web applications and sorted the vulnerabilities we found into four categories: Critical, High, Medium, and Low. This study evaluates each tool’s effectiveness and reliability using mean and standard deviation, providing key insights into their performance consistency. Using straightforward statistical methods, we aim to determine which scanning tool performs best in finding vulnerabilities while maintaining consistent results across different web applications. Additionally, the analysis offers comparative insights into the performance variations among these tools, highlighting their strengths and limitations. The study paper contributes to strategic decision-making in cybersecurity, enabling organizations to select the most effective tools for vulnerability assessment. The findings demonstrate that OWASP ZAP exhibits superior detection capabilities and consistency across various severity levels, while integrating tools like Nessus, BeSECURE, and Acunetix enhances vulnerability detection, with Nessus excelling in identifying critical and high-severity vulnerabilities.; https://doi.org/10.2478/seeur-2025-0021; vulnerability scanning; nessus; acunetix; owasp zap; besecure; web application; vulnerability detection tools; comparative analysis and cybersecurity |
| title | Statistical Analysis of Unique Web Application Vulnerabilities: A Quantitative Assessment of Scanning Tool Efficiency |
| topic | vulnerability scanning; nessus; acunetix; owasp zap; besecure; web application; vulnerability detection tools; comparative analysis and cybersecurity |
| url | https://doi.org/10.2478/seeur-2025-0021 |