WEB-WATCH – WEB VULNERABILITY SCANNER
Keywords:
Web Vulnerability Scanner, Hybrid Scanning, Active/Passive Analysis, Web Application Security, Cybersecurity
Abstract
Web application security represents a critical challenge in contemporary cybersecurity as organizations increasingly rely on web-based services to handle sensitive data. Existing vulnerability scanners typically fall into two distinct categories: active scanners, which detect vulnerabilities effectively but risk disrupting live systems, and passive scanners, which minimize operational impact but may miss critical threats. This paper introduces Web-Watch, a hybrid web vulnerability scanner designed to bridge this gap by integrating both active and passive scanning methodologies. Web-Watch combines the thorough detection capabilities of active scanning with the non-intrusive characteristics of passive scanning, enabling comprehensive vulnerability assessments without adversely affecting target system performance. The tool employs a Python-based architecture optimized for Linux environments, featuring a command-line interface with planned GUI expansion, a vulnerability database powered by SQL, and integration capabilities with CI/CD pipelines. Evaluation on test applications demonstrated Web-Watch’s effectiveness in detecting SQL injection, cross-site scripting (XSS), command injection, and other critical vulnerabilities with high accuracy and minimal false positives. Results indicate that Web-Watch identifies security issues comparably to industry-standard tools while maintaining resource efficiency. The tool positions itself as an accessible, adaptable solution for security professionals, developers, and organizations seeking balanced web application security assessments.
License
Copyright (c) 2024 International Educational Journal of Science and Engineering

This work is licensed under a Creative Commons Attribution 4.0 International License.