Comparison of the effectiveness of tools for testing the security of web applications
| Main Author: | Izabela Kaźmierak |
|---|---|
| Format: | Article |
| Language: | English |
| Published: | Lublin University of Technology, 2025-03-01 |
| Series: | Journal of Computer Sciences Institute |
| Subjects: | web application security; testing tools; cybersecurity |
| Online Access: | https://ph.pollub.pl/index.php/jcsi/article/view/6613 |
| _version_ | 1849387941796773888 |
|---|---|
| author | Izabela Kaźmierak |
| collection | DOAJ |
| description | This article presents a comparative analysis of the effectiveness of three web application security scanners: ZAP, Wapiti, and Skipfish. Automated scanning was conducted on deliberately unsecured applications, followed by an analysis of the detected vulnerabilities. The results were presented in the form of comparative tables and graphs illustrating the number and types of detected threats. The analysis showed that ZAP detected the most vulnerabilities, particularly in low-risk categories, Skipfish excelled in identifying specific threats, while Wapiti was effective in finding simple vulnerabilities. The study demonstrated the need to combine different scanners and supplement them with manual tests for a comprehensive assessment of web application security. |
| format | Article |
| id | doaj-art-c4c9cdefc93648d8a89a0ef1449a082c |
| institution | Kabale University |
| issn | 2544-0764 |
| language | English |
| publishDate | 2025-03-01 |
| publisher | Lublin University of Technology |
| record_format | Article |
| series | Journal of Computer Sciences Institute |
| spelling | doaj-art-c4c9cdefc93648d8a89a0ef1449a082c; 2025-08-20T03:42:26Z; eng; Lublin University of Technology; Journal of Computer Sciences Institute; 2544-0764; 2025-03-01; 34; 10.35784/jcsi.6613; Comparison of the effectiveness of tools for testing the security of web applications; Izabela Kaźmierak (Department of Computer Science, Lublin University of Technology); This article presents a comparative analysis of the effectiveness of three web application security scanners: ZAP, Wapiti, and Skipfish. Automated scanning was conducted on deliberately unsecured applications, followed by an analysis of the detected vulnerabilities. The results were presented in the form of comparative tables and graphs illustrating the number and types of detected threats. The analysis showed that ZAP detected the most vulnerabilities, particularly in low-risk categories, Skipfish excelled in identifying specific threats, while Wapiti was effective in finding simple vulnerabilities. The study demonstrated the need to combine different scanners and supplement them with manual tests for a comprehensive assessment of web application security.; https://ph.pollub.pl/index.php/jcsi/article/view/6613; web application security; testing tools; cybersecurity |
| title | Comparison of the effectiveness of tools for testing the security of web applications |
| topic | web application security; testing tools; cybersecurity |
| url | https://ph.pollub.pl/index.php/jcsi/article/view/6613 |