A Comparative Model to Analyze Various Web Application Penetration Testing Tools for Different Vulnerabilities
Bilawal Khan, Institute of Computer Sciences and Information Technology (ICS/IT), The University of Agriculture Peshawar, Pakistan.
Javed Iqbal Bangash, Institute of Computer Sciences and Information Technology (ICS/IT), The University of Agriculture Peshawar, Pakistan.
Muhammad Tariq, Institute of Computer Sciences and Information Technology (ICS/IT), The University of Agriculture Peshawar, Pakistan.
Nida Gul, Institute of Computer Sciences and Information Technology (ICS/IT), The University of Agriculture Peshawar, Pakistan.
Sana Zahir, Institute of Computer Sciences and Information Technology (ICS/IT), The University of Agriculture Peshawar, Pakistan.
Akhtar Kamal, Institute of Computer Sciences and Information Technology (ICS/IT), The University of Agriculture Peshawar, Pakistan.
Corresponding Author:
Muhammad Tariq (tariqahmad825@gmail.com)
Abstract:
Web applications contain confidential and important information, are available on the internet, and are accessible from all over the world, including by malicious users and attackers. Over time, these web applications can become vulnerable to malicious attacks. Preventing such attacks requires proper analysis and maintenance. For analysis purposes, well-known pen-testing tools are available in the market, some of which are paid while others are free. This research work aims to identify an efficient and effective scanner for analyzing web applications to find vulnerabilities. Moreover, it provides a comparative model for the top ten pen-testing tools against the OWASP top ten vulnerabilities, using a buggy web app (bWAPP), to identify the most efficient and effective tool. The best tool is the one that detects the maximum number of vulnerabilities in the minimum time. According to this research work, the Skipfish scanner shows the best results among the tools compared.
Keywords:
OWASP Top Ten Vulnerability; Top Pen-Testing Tools; bWAPP; Comparative Model