چکيده
Background of the Study
Web apps have become an essential element of both personal and professional lives in the digital
age, transforming how people and organizations do business, communicate, and share information.
Web apps support a diverse range of online activities, including e-commerce platforms, cloudbased
services, and social media sites. As their value grows, so does the need to keep these apps safe
from any cyber threats. Security breaches can cause severe financial loss, reputational damage,
and legal ramifications. As a result, penetration testing tools are crucial for finding and addressing
vulnerabilities in web applications.
Penetration testing is a scientific procedure for assessing the security of web applications by
simulating cyberattacks to reveal weaknesses that malevolent hackers could exploit [18].
Automated penetration testing frameworks, such as OWASP ZAP (Zed Attack Proxy), have been
created to simplify this procedure, allowing for more efficient and thorough security evaluations.
OWASP ZAP, an open-source penetration testing tool, is popular due to its flexibility, vast feature
set, and active support group. It provides both active and passive scanning capabilities, allowing
security professionals to detect a wide range of vulnerabilities, such as injection attacks,
authentication problems, and cross-site scripting (XSS).
While OWASP ZAP is excellent at scanning traditional online apps, current web development
presents new obstacles. Single Page Applications (SPAs), Progressive online Apps (PWAs), and
RESTful APIs have all had a big impact on how online applications work [13]. SPAs dynamically
load material without entirely refreshing the page, which improves user experience but complicates
vulnerability identification. PWAs, which combine the finest characteristics of online and mobile
applications, add levels of complexity by allowing you to work offline, send push alerts, and update
in the background. Furthermore, RESTful APIs and Web Sockets, which enable real-time
communication between clients and servers, open up new avenues for potential vulnerabilities.
