Measuring Vulnerability Assessment Tools' Performance on the University Web Application
Authors: Pita Jarupunphol, Suppachochai Seatun, Wipawan Buathong
Journal: Pertanika Journal of Science and Technology (Journal Article, JCR Q3, Multidisciplinary Sciences)
DOI: 10.47836/pjst.31.6.19 (https://doi.org/10.47836/pjst.31.6.19)
Published: 2023-10-03
Citation count: 0

Abstract
This research measured the performance of two vulnerability assessment tools, Burp Suite and OWASP ZAP, on a university web application. Three measurement criteria were used: (1) the number of vulnerabilities classified under risk and confidence metrics, (2) the number of vulnerability types and URL alerts classified under risk and confidence metrics, and (3) the number of vulnerabilities classified under the 2021 OWASP Top 10. Results showed that Burp Suite detected more vulnerabilities and alerts than OWASP ZAP, with a higher proportion of high-risk vulnerabilities. However, OWASP ZAP had a higher proportion of medium-confidence vulnerabilities. The comparison also revealed that the vulnerabilities identified by the two tools were ranked differently within the OWASP Top 10, and that the tools prioritised risk differently. Despite these differences, the vulnerability assessment results obtained from these tools remain useful to the university's security analysts and administration, as mitigating cyber threats to the web application is paramount.
Journal description:
Pertanika Journal of Science and Technology aims to provide a forum for high-quality research in science and engineering. Areas within the scope of the journal include bioinformatics, bioscience, biotechnology and bio-molecular sciences, chemistry, computer science, ecology, engineering, engineering design, environmental control and management, mathematics and statistics, medicine and health sciences, nanotechnology, physics, safety and emergency management, and related fields of study.