NCI WEBSITE
NORMA eResearch @NCI Library

A Novel Web Application security vulnerability scanning tool

Tools

Singh, Abhay Sureshkumar (2023) A Novel Web Application security vulnerability scanning tool. Masters thesis, Dublin, National College of Ireland.

[thumbnail of Master of Science]
Preview
 PDF (Master of Science)
Download (1MB) | Preview
[thumbnail of Configuration manual]
Preview
 PDF (Configuration manual)
Download (1MB) | Preview

Abstract

Web Application usage has been increasing day-by-day as organizations provide variety of services based on people’s daily life requirements. Securing these web applications and network infrastructure has become a crucial task. There are various vulnerability scanners available in different programming languages with multiple functionalities with an ability to handle specific vulnerabilities, but they are unnecessarily complex in nature for developers as well as end-users. This study aims to fill this gap by investigating the benefits, challenges, and best practices associated with developing a Flask-based vulnerability scanner. By utilizing Flask's light weight and flexibility, the scanner offers modularity, extension, and easy connection with Flask-based apps.

With the Flask framework in mind, this research work presents a state-of-the-art vulnerability scanning tool for online applications that increases threat assessment coverage and mitigation tactics. The developed tool hides the complexity of underlying API calls by combining open-source tools detection method and running a comprehensive rule-based system, data format conversion, and optimized workflow. A user-friendly, non-technical executive summary is created from the tool's output, assisting in better risk understanding and remediation techniques.

Item Type: Thesis (Masters)
Supervisors:
Name
Email
Sahni, Vikas
UNSPECIFIED
Uncontrolled Keywords: Flask framework; Web Vulnerability Scanner; threats; Issues; Nessus; Skipfish; rules; vulnerability detection
Subjects: Q Science > QA Mathematics > Electronic computers. Computer science
T Technology > T Technology (General) > Information Technology > Electronic computers. Computer science
Q Science > QA Mathematics > Computer software > Computer Security
T Technology > T Technology (General) > Information Technology > Computer software > Computer Security
Z Bibliography. Library Science. Information Resources > ZA Information resources > ZA4150 Computer Network Resources > The Internet > World Wide Web
T Technology > TK Electrical engineering. Electronics. Nuclear engineering > Telecommunications > The Internet > World Wide Web
Divisions: School of Computing > Master of Science in Cyber Security
Depositing User: Tamara Malone
Date Deposited: 05 Nov 2024 15:45
Last Modified: 05 Nov 2024 15:45
URI: https://norma.ncirl.ie/id/eprint/7152

Actions (login required)

View Item View Item