Study of the techniques used by OWASP ZAP for analysis of vulnerabilities in web applications
Linköping University, Department of Computer and Information Science.
2022 (English). Independent thesis, advanced level (Master's degree), 20 credits / 30 HE credits. Student thesis (degree project).
Alternative title: A study of the techniques OWASP ZAP uses to analyse vulnerabilities in web applications (Swedish)
Abstract [en]

Today, new web applications are created every single day, managing increasingly sensitive data. To ensure that no security vulnerabilities such as data leakage exist in these web applications, developers use tools such as web vulnerability scanners. This type of tool detects vulnerabilities by automatically finding input fields where data can be injected and performing different attacks on those fields. One of the most common web vulnerability scanners is OWASP ZAP. Web vulnerability scanners were first developed at a time when traditional multi-page applications were prominent. Nowadays, when modern single-page applications have become the de facto standard, new challenges for web vulnerability scanners have arisen; these include identifying dynamically updated web pages. This thesis aims to evaluate the techniques used by OWASP ZAP and several other web vulnerability scanners for identifying two of the most common vulnerabilities, SQL injection and cross-site scripting. The issue is approached by testing the selected web vulnerability scanners on deliberately vulnerable web applications, to assess the performance and the techniques used, and to determine whether the performance of OWASP ZAP could be improved. If an identified technique in another web vulnerability scanner performed better than its counterpart in OWASP ZAP, it was implemented in OWASP ZAP and evaluated. From the tests performed, it could be concluded that the performance of OWASP ZAP was lacking in the search for input fields, where a depth-first search algorithm was used. The breadth-first search algorithm used by other scanners was shown to be more effective in specific cases and was therefore implemented in OWASP ZAP. The result shows that the use case for the two algorithms differs between web applications, and that by using both algorithms to find vulnerabilities, better performance is achieved.

Place, publisher, year, edition, pages
2022. p. 61
Keywords [en]
SQL injection, Cross-site scripting, Web vulnerability scanner, Web security
National subject category
Computer Sciences
Identifiers
URN: urn:nbn:se:liu:diva-186346
ISRN: LIU-IDA/LITH-EX-A--22/016--SE
OAI: oai:DiVA.org:liu-186346
DiVA, id: diva2:1675227
External cooperation
MindRoad AB
Subject / course
Computer Engineering
Presentation
2022-06-07, Alan Turing (building E), Linköping University, Linköping, 08:15 (English)
Supervisors
Examiners
Available from: 2022-07-06 Created: 2022-06-22 Last updated: 2022-07-06 Bibliographically approved

Open Access in DiVA

fulltext (1646 kB), 3372 downloads
File information
File name: FULLTEXT01.pdf
File size: 1646 kB
Checksum SHA-512: e3e8d1e6cb2ec61cc8c2a8babd8346641c511b5a52c2b5349e5f72cc60d3dc534b9137f2ddcf26e0b4156c179af6fffbef210016c1158698af5ebcf39f6f06fb
Type: fulltext
Mimetype: application/pdf
