A hybrid algorithm for detecting web-based applications vulnerabilities

Abstract

Web applications have gained popularity over the years and have become an integral part of our daily lives interaction. We use these applications on a regular basis to intract with our friends and family, purchase items online and access bank accounts among others. However, these appliactions are not 100% secure, they are subject to a wide array of vulnerablities such as such as SQL injection, Cross site tracing , cross site refrence forgery and server side injections among others.To discover these weaknesses, web application scanners are used to report vulnerabilities found. The main objective of this study is to perform a comparative study of open source vulnerability testing tools, study their algorithm for these tools and propose an improved hybrid algorithm. A simulation to test and validate the hybrid algorithm was also developed. This research focuses on six of the open source web scanning tools which, were tested against four web based applications with known vulnerabilities to compare the tools capabilites and features. In addition, the algorithm of these tools were scrutinized with an aim of producing a hybrid algorithm that will be more accurate in detecting web vulnrabilities. The experimental results were compared with the existing open source tools to confirm the effectiveness of the approach used. The research concluded that open source tools have the capacity to detect vulnerabilities in the test cases performed. However, none of the tools have the capacity to detect all the vulnerabilities. For this reason there is need to improve web scanning tools and increases their detection accuracy.