Abstract
A web application makes use of web browsers to perform Internet tasks. Lots of businesses utilize the Internet as a profitable means of communication. Currently, the business world is facing multiple cyber breaches and attacks. Conducting a penetration test on any website or information system is, therefore, essential to enhance cybersecurity. Choosing the most effective tool for penetration testing is more important. This paper aims to examine two vital tools that are employed in testing the vulnerabilities of a chosen test website. The two tools, ZAP and Acunetix, are used to identify the weaknesses of the website. Besides, the usefulness and the purpose of each tool are shown and described. The comparison of these tools is intended to identify the effectiveness of all penetration testing tools in information systems and the difference they may depict depending on a given tool. The results show that the ZAP tool seems to be more effective compared with the other format.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Similar content being viewed by others
References
Muamer, N. M., & Sulaiman, N. (2011). A novel local network intrusion detection system based on support vector machine. Journal of Computer Science, 7, 1560–1564.
Munoz, R. F., Cortes, S. I. I., & Villaiba, G. J. L. (201). Enlargement of vulnerable web applications for testing. The Journal of Supercomputing, 74, 6598–6617.
Al Shebli, H. M. Z., & Beheshti, B. D. (2018). A study on penetration testing processes and tools. In 2018 IEEE Long Island Systems, Applications, and Technology Conference (LISAT) (pp. 1–7).
Alzahrani, A., Alqazzaz, A., Zhu, Y., Fu, H., & Almashfi, N. (2017). Web application security tools analysis. In IEEE 3rd international conference on big data security on cloud (big data security), IEEE international conference on high performance and smart computing (hPSC), and IEEE international conference on intelligent data and security (pp. 237–242).
Munoz, R. F., Vega, A. A. E., & Villaiba, G. J. L. (2018). Analyzing the traffic of penetration testing tools with an IDS. The Journal of Supercomputing, 74, 6454–6469.
Matnee, A. Y. (2018). Estimating the state of website security as poorly regulated mechanisms based on fuzzy logic methods. 9–10.
Thakre, S. (2018). Studying the effectiveness of various tools in detecting the protecting mechanisms implemented in web-applications. In Proceedings of the International Conference on Inventive Research in Computing Applications.
Idongesit, E., & Olufemi, O. U. (2017). A multilayer secured protocol for REST-based services. Journal of International Information Management Association Inc, 1–25.
Kushe, R. (2017). Security assessment of web applications. In UBT Conference (pp. 101–106).
Najera-Gutierrez, G., & Ansari, J. A. (2018). Web penetration testing with kali linux: Explore the methods and tools of ethical hacking with Kali Linux. Packt Publishing Ltd.
Netsparker Web Vulnerability Scanner Product Brochure. https://www.netsparker.com/s/NetsparkerProductBrochure.pdf.
Kumar, P., & Pateriya, R. K. (2012). A survey on SQL injection attacks, detection and prevention techniques. In International Conference on Computing and Networking Technology (ICCN).
Siahaan, A. P. U. (2017). Security assessment of web application through penetration system techniques. International Journal of Recent Trends in Engineering and Resarch.
Singh, H., Jangra, S., & Verma, P. K. (2016). Penetration testing: analyzing the security of the network by Hacker’s mind. IJLTEMAS, V, 56–60.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2022 The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd.
About this paper
Cite this paper
Aljebry, A.F., Alqahtani, Y.M., Sulaiman, N. (2022). Analyzing Security Testing Tools for Web Applications. In: Khanna, A., Gupta, D., Bhattacharyya, S., Hassanien, A.E., Anand, S., Jaiswal, A. (eds) International Conference on Innovative Computing and Communications. Advances in Intelligent Systems and Computing, vol 1387. Springer, Singapore. https://doi.org/10.1007/978-981-16-2594-7_34
Download citation
DOI: https://doi.org/10.1007/978-981-16-2594-7_34
Published:
Publisher Name: Springer, Singapore
Print ISBN: 978-981-16-2593-0
Online ISBN: 978-981-16-2594-7
eBook Packages: Intelligent Technologies and RoboticsIntelligent Technologies and Robotics (R0)