Background of the Study Web apps have become an essential element of both personal and professional lives in the digital age, transforming how people and organizations do business, communicate, and share information. Web apps support a diverse range of online activities, including e-commerce platforms, cloudbased services, and social media sites. As their value grows, so does the need to keep these apps safe from any cyber threats. Security breaches can cause severe financial loss, reputational damage, and legal ramifications. As a result, penetration testing tools are crucial for finding and addressing vulnerabilities in web applications. Penetration testing is a scientific procedure for assessing the security of web applications by simulating cyberattacks to reveal weaknesses that malevolent hackers could exploit [18]. Automated penetration testing frameworks, such as OWASP ZAP (Zed Attack Proxy), have been created to simplify this procedure, allowing for more efficient and thorough security eva‎luations. OWASP ZAP, an open-source penetration testing tool, is popular due to its flexibility, vast feature set, and active support group. It provides both active and passive scanning capabilities, allowing security professionals to detect a wide range of vulnerabilities, such as injection attacks, authentication problems, and cross-site scripting (XSS). While OWASP ZAP is excellent at scanning traditional online apps, current web development presents new obstacles. Single Page Applications (SPAs), Progressive online Apps (PWAs), and RESTful APIs have all had a big impact on how online applications work [13]. SPAs dynamically load material without entirely refreshing the page, which improves user experience but complicates vulnerability identification. PWAs, which combine the finest characteristics of online and mobile applications, add levels of complexity by allowing you to work offline, send push al‎e‎rts, and update in the background. Furthermore, RESTful APIs and Web Sockets, which enable real-time communication between clients and servers, open up new avenues for potential vulnerabilities.

12/11/2024 12:00:00 AM

85320

1403/10/02

Enhancing Automated Penetration Testing Frameworks for Modern Web Applications

تست نفوذ خودكار-OWASP ZAP-امنيت برنامه وب-برنامه هاي وب پيشرو (PWA)

Automated Penetration Testing-OWASP ZAP-Web Application Security-Progressive Web Apps (PWAs)