A Comparative Study of Vulnerabilities Scanners for Web Applications: Nexpose vs Acunetix

  • Conference paper
International Conference on Advanced Intelligent Systems for Sustainable Development (AI2SD 2022)

Part of the book series: Lecture Notes in Networks and Systems (LNNS, volume 712)

Abstract

Web applications are now used by everyone to make purchases, transfer funds, upload data, and so on. Meanwhile, the security of these web applications has become a significant challenge because of the various vulnerabilities they contain, such as XSS, SQL injection (second order), and many others. Penetration tests play a very important role in detecting those vulnerabilities. A penetration test is a simulated network attack in which professional ethical hackers break into the company’s network to find vulnerabilities, using tools that have been proven to uncover different types of vulnerabilities in a very short time. In recent years, cybersecurity has seen a different kind of vulnerability detection based on AI, more specifically machine learning. This challenge has led cyber defense engineers to create different modules to handle it. In this article, we compare two penetration testing tools scanning the same target and discovering three ranking vulnerabilities, and we look at some approaches.

Notes

  1. The Open Web Application Security Project.

  2. Database Management System.

Corresponding author

Correspondence to Bochra Labiad.

Copyright information

© 2023 The Author(s), under exclusive license to Springer Nature Switzerland AG

Cite this paper

Labiad, B., Tanana, M., Laaychi, A., Lyhyaoui, A. (2023). A Comparative Study of Vulnerabilities Scanners for Web Applications: Nexpose vs Acunetix. In: Kacprzyk, J., Ezziyyani, M., Balas, V.E. (eds) International Conference on Advanced Intelligent Systems for Sustainable Development. AI2SD 2022. Lecture Notes in Networks and Systems, vol 712. Springer, Cham. https://doi.org/10.1007/978-3-031-35251-5_10
