Journal of Computer Sciences Institute (Mar 2025)
Comparison of the effectiveness of tools for testing the security of web applications
Abstract
This article presents a comparative analysis of the effectiveness of three web application security scanners: ZAP, Wapiti, and Skipfish. Automated scanning was conducted on deliberately unsecured applications, followed by an analysis of the detected vulnerabilities. The results were presented in the form of comparative tables and graphs illustrating the number and types of detected threats. The analysis showed that ZAP detected the most vulnerabilities, particularly in low-risk categories; Skipfish excelled in identifying specific threats; and Wapiti was effective in finding simple vulnerabilities. The study demonstrated the need to combine different scanners and supplement them with manual tests for a comprehensive assessment of web application security.
Keywords