SECURING WEB APPLICATIONS WITH OWASP ZAP FOR COMPREHENSIVE SECURITY TESTING
DOI:
https://doi.org/10.29284/ijasis.10.2.2024.12-23
Keywords:
Zed attack proxy, web application security, vulnerability detection, security testing, threat mitigation.
Abstract
The powerful Open Web Application Security Project (OWASP) Zed Attack Proxy (ZAP) tool secures web applications with extensive security testing. Its main goal is to find and fix web application vulnerabilities before they can be exploited. The goal is to improve web application security using OWASP ZAP scans and inspections. Simulating SQL injection and cross-site scripting attacks using the tool reveals an application's security flaws. OWASP ZAP automates testing to protect sensitive data and web application integrity. The purpose is to protect online applications from attacks to reduce security breaches and ensure industry compliance. Modern online applications' security and dependability depend on OWASP ZAP's systematic vulnerability discovery and mitigation. The experimental results show that, by enhancing scan performance and providing actionable security information, OWASP ZAP helps safeguard online applications and reduce the danger of cyberattacks. The objective is to enhance its capabilities to provide comprehensive, prompt, dependable security evaluations across various situations.
License
Copyright (c) 2024 S. P. Maniraj, Chitra Sabapathy Ranganathan, Satheeshkumar Sekar
This work is licensed under a Creative Commons Attribution 4.0 International License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.