NORMA eResearch @NCI Library

Comparative study of SAST and DAST tools with Manual penetration testing methods for improving the identification of business logic vulnerabilities of authorization flaws and broken access control and false positive vulnerabilities for enhanced Web application security

Kondhankuzhiyil Radhamohanan, Drisya Mohan (2024) Comparative study of SAST and DAST tools with Manual penetration testing methods for improving the identification of business logic vulnerabilities of authorization flaws and broken access control and false positive vulnerabilities for enhanced Web application security. Masters thesis, Dublin, National College of Ireland.


Abstract

In the current scenario, as dependency on the internet continues to grow, organizations are increasingly able to handle and share even critical information with ease. As a result, every organization will make use of the necessary security measures to protect its resources, such as web applications, websites and other cloud services. At the same time, malicious people will always be looking for loopholes and for ways to exploit them. In order to identify the weaknesses in an existing system's security, experts perform various vulnerability assessments as well as penetration testing. Vulnerability assessments using automated tools such as SAST and DAST tools are helpful for finding the security weaknesses in a system easily and at low cost. However, these tools are designed only to evaluate the specific issues they are programmed for; hence such tools may not always succeed in identifying logic errors or logic flaws in the system. When security experts go for manual penetration testing, they test further and simulate real-world attack scenarios to identify the weaknesses that can be exploited by attackers. This paper investigates how much more efficient manual penetration testing methods are than automated tools at identifying the business logic errors that occur due to application design flaws, with the aim of enhancing overall web application security.

Item Type: Thesis (Masters)
Supervisors: Mahajan, Kamil (email: UNSPECIFIED)
Uncontrolled Keywords: Business logic errors; SAST; DAST; Penetration testing
Subjects: Q Science > QA Mathematics > Electronic computers. Computer science
T Technology > T Technology (General) > Information Technology > Electronic computers. Computer science
Q Science > QA Mathematics > Computer software > Computer Security
T Technology > T Technology (General) > Information Technology > Computer software > Computer Security
Divisions: School of Computing > Master of Science in Cyber Security
Depositing User: Ciara O'Brien
Date Deposited: 17 Jul 2025 16:21
Last Modified: 17 Jul 2025 16:21
URI: https://norma.ncirl.ie/id/eprint/8176
