Abstract

As the number of web applications grows, and with it the number and sophistication of the threats they face, creating new tools that are both efficient and accessible becomes essential. Although much research concentrates on network security visualizations, only a few studies consider how web application vulnerabilities might be visualized. To fill this gap, this research centers on a novel visualization configuration for improving web application vulnerability monitoring. The study forms a generic data structure from data sources that can be readily associated with one another and are commonly available for the majority of web applications. The primary contribution of this study is a new dashboard tool for visualizing dynamic application security test results; a second contribution is the set of metrics/measures that the tool presents. The paper also describes a validation study in which participants answered quiz questions after using the tool prototype. For the case study, sample data was generated with the OWASP ZAP scanner tool, and a prototype was implemented for validation purposes. The study allows the investigation of fifty metrics/measures in a multi-project/phase environment, which is most beneficial when the user aims to monitor a series of analysis results, and the changes between them, for more than one web project.

Highlights

  • The number of web-based applications is increasing each year

  • The purpose of this study is to propose an alternative visualization tool that visualizes the data attributes commonly available for web applications, combines these attributes with the common outputs of web application vulnerability scans, namely scanner results and alerts, and derives measures and metrics from the proposed data structure

  • This study examined common outputs of web application security vulnerability scanner tools and provided a data structure that is further used during the definition of a set of metrics and measures


Summary

INTRODUCTION

The number of web-based applications is increasing each year. Although there are no statistics on the number of existing web applications in the world, the number of domain names was around 367 million as of the first quarter of 2020. Over the years, many automated analysis tools have been developed for efficient security checks. Some of these tools perform white-box analyses and are called static code analyzers. The second group of vulnerability analysis tools focuses on black-box tests/analyses and does not depend on the technologies selected for the application: these tools use standard HTTP requests to perform checks and attacks against the web application. The focus of this study is to visualize the outputs of the second group of automated security analysis tools, i.e., DAST tools, which are typically the scan results and the identified alerts. Web application security black-box test tools are generally called vulnerability scanner tools.
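The abstract and introduction describe the raw material of the dashboard (scanner results and alerts from a DAST tool such as OWASP ZAP) and the kind of metrics it derives across scan phases and projects. The following Python script is an added example, not code from the paper or its prototype: it flattens two constructed scan reports into a common alert structure and computes a few phase-over-phase measures of the sort the paper discusses (alerts per risk level, a weighted severity score, and which alerts are new, resolved or persisting between phases). The report layout and field names (`site`, `alerts`, `pluginid`, `riskcode`, `confidence`, `cweid`, `count`) are modelled on ZAP's JSON report as an assumption; all values, plugin ids and the scoring formula are invented for illustration.

```python
"""Phase-over-phase vulnerability metrics from ZAP-style scan reports (added example)."""
import json
from collections import Counter

# ZAP-style riskcode values; mapping assumed, not taken from the paper.
RISK_LABELS = {"0": "Informational", "1": "Low", "2": "Medium", "3": "High"}

# Constructed sample reports for two scan phases of one project. The nesting
# (site -> alerts -> fields) mirrors ZAP's JSON report; the values are invented.
PHASE_1_REPORT = json.dumps({"site": [{"@name": "https://shop.example.test", "alerts": [
    {"pluginid": "40012", "alert": "Cross Site Scripting (Reflected)",
     "riskcode": "3", "confidence": "2", "cweid": "79", "count": "2"},
    {"pluginid": "10021", "alert": "X-Content-Type-Options Header Missing",
     "riskcode": "1", "confidence": "2", "cweid": "693", "count": "7"},
    {"pluginid": "10038", "alert": "Content Security Policy (CSP) Header Not Set",
     "riskcode": "2", "confidence": "3", "cweid": "693", "count": "7"},
]}]})
PHASE_2_REPORT = json.dumps({"site": [{"@name": "https://shop.example.test", "alerts": [
    {"pluginid": "10021", "alert": "X-Content-Type-Options Header Missing",
     "riskcode": "1", "confidence": "2", "cweid": "693", "count": "7"},
    {"pluginid": "10038", "alert": "Content Security Policy (CSP) Header Not Set",
     "riskcode": "2", "confidence": "3", "cweid": "693", "count": "3"},
    {"pluginid": "10202", "alert": "Absence of Anti-CSRF Tokens",
     "riskcode": "2", "confidence": "2", "cweid": "352", "count": "4"},
]}]})


def load_alerts(report_json):
    """Flatten a ZAP-style report into a generic alert structure shared by all metrics."""
    report = json.loads(report_json)
    alerts = []
    for site in report.get("site", []):
        for a in site.get("alerts", []):
            alerts.append({
                "site": site.get("@name"),
                # (site, pluginid) identifies the same alert type across phases
                "key": (site.get("@name"), a["pluginid"]),
                "name": a["alert"],
                "risk": RISK_LABELS.get(a.get("riskcode"), "Unknown"),
                "risk_code": int(a.get("riskcode", 0)),
                "confidence": int(a.get("confidence", 0)),
                "cwe": a.get("cweid"),
                "instances": int(a.get("count", 0)),
            })
    return alerts


def risk_distribution(alerts):
    """Measure: number of distinct alert types per risk level."""
    return dict(Counter(a["risk"] for a in alerts))


def weighted_risk_score(alerts):
    """Metric (assumed formula): sum of riskcode * confidence * instance count."""
    return sum(a["risk_code"] * a["confidence"] * a["instances"] for a in alerts)


def phase_delta(previous, current):
    """Metric: alert types that are new, resolved, or persisting between two phases."""
    prev = {a["key"]: a for a in previous}
    curr = {a["key"]: a for a in current}
    return {
        "new": sorted(curr[k]["name"] for k in curr.keys() - prev.keys()),
        "resolved": sorted(prev[k]["name"] for k in prev.keys() - curr.keys()),
        "persisting": sorted(curr[k]["name"] for k in curr.keys() & prev.keys()),
    }


def project_summary(reports_by_phase):
    """Rows a dashboard would plot for one project: distribution, score, delta per phase."""
    rows, previous = [], None
    for phase, report_json in reports_by_phase:
        alerts = load_alerts(report_json)
        rows.append({
            "phase": phase,
            "distribution": risk_distribution(alerts),
            "score": weighted_risk_score(alerts),
            "delta": phase_delta(previous, alerts) if previous is not None else None,
        })
        previous = alerts
    return rows


def portfolio_summary(projects):
    """Multi-project view: the same per-phase rows for every project being monitored."""
    return {name: project_summary(phases) for name, phases in projects.items()}


if __name__ == "__main__":
    portfolio = {"shop": [("phase-1", PHASE_1_REPORT), ("phase-2", PHASE_2_REPORT)]}
    for project, rows in portfolio_summary(portfolio).items():
        for row in rows:
            print(project, row["phase"], row["distribution"], row["score"], row["delta"])
```

Running the script prints one row per project and phase; the score dropping from 68 to 48 while the delta shows one resolved and one new alert type illustrates why a dashboard should present both an aggregate metric and the per-alert change list.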

RELATED WORK
USAGE SCENARIOS FOR DIFFERENT ROLES
DISCUSSION