Comparison of the effectiveness of tools for testing the security of web applications

Bibliographic Details
Main Author: Izabela Kaźmierak
Format: Article
Language: English
Published: Lublin University of Technology 2025-03-01
Series: Journal of Computer Sciences Institute
Subjects:
Online Access: https://ph.pollub.pl/index.php/jcsi/article/view/6613
Description
Summary: This article presents a comparative analysis of the effectiveness of three web application security scanners: ZAP, Wapiti, and Skipfish. Automated scanning was conducted on deliberately unsecured applications, followed by an analysis of the detected vulnerabilities. The results were presented in the form of comparative tables and graphs illustrating the number and types of detected threats. The analysis showed that ZAP detected the most vulnerabilities, particularly in low-risk categories, Skipfish excelled in identifying specific threats, while Wapiti was effective in finding simple vulnerabilities. The study demonstrated the need to combine different scanners and supplement them with manual tests for a comprehensive assessment of web application security.
ISSN: 2544-0764