Detecting Vulnerabilities in Web Applications Using Automated Black Box and Manual Penetration Testing

Abstract

AbstractToday, web applications are becoming the most popular tool that offers a collection of various services to users. However, previous research and study showed that many web applications are deployed with critical vulnerabilities. Penetration testing is one of the well-known techniques that is frequently used for the detection of security vulnerabilities in web application. This technique can be performed either manually or by using automated tools. However, according to previous study, automated black box tools have detected more vulnerability with high false positive rate. Therefore, this paper proposed a framework which combines both automated black box testing and manual penetration testing to achieve the accuracy in vulnerability detecting in web application.KeywordsStatic Code AnalysisCross Site ScriptHyper Text Transfer ProtocolHigh Severity LevelMalicious InputThese keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.