Design & Test of an Advanced Web Security Analysis Tool (AWSAT)  

作　　者：Meenakshi S. P. Manikandaswamy Vijay Madisetti Meenakshi S. P. Manikandaswamy;Vijay Madisetti(School of Cybersecurity and Privacy, Georgia Institute of Technology, Atlanta, USA)

机构地区：[1]School of Cybersecurity and Privacy, Georgia Institute of Technology, Atlanta, USA

出　　处：《Journal of Software Engineering and Applications》2024年第5期448-461,共14页软件工程与应用（英文）

摘　　要：Considering the escalating frequency and sophistication of cyber threats targeting web applications, this paper proposes the development of an automated web security analysis tool to address the accessibility gap for non-security professionals. This paper presents the design and implementation of an automated web security analysis tool, AWSAT, aimed at enabling individuals with limited security expertise to effectively assess and mitigate vulnerabilities in web applications. Leveraging advanced scanning techniques, the tool identifies common threats such as Cross-Site Scripting (XSS), SQL Injection, and Cross-Site Request Forgery (CSRF), providing detailed reports with actionable insights. By integrating sample payloads and reference study links, the tool facilitates informed decision-making in enhancing the security posture of web applications. Through its user-friendly interface and robust functionality, the tool aims to democratize web security practices, empowering a wider audience to proactively safeguard against cyber threats.Considering the escalating frequency and sophistication of cyber threats targeting web applications, this paper proposes the development of an automated web security analysis tool to address the accessibility gap for non-security professionals. This paper presents the design and implementation of an automated web security analysis tool, AWSAT, aimed at enabling individuals with limited security expertise to effectively assess and mitigate vulnerabilities in web applications. Leveraging advanced scanning techniques, the tool identifies common threats such as Cross-Site Scripting (XSS), SQL Injection, and Cross-Site Request Forgery (CSRF), providing detailed reports with actionable insights. By integrating sample payloads and reference study links, the tool facilitates informed decision-making in enhancing the security posture of web applications. Through its user-friendly interface and robust functionality, the tool aims to democratize web security practices, empowering a wider audience to proactively safeguard against cyber threats.

关 键 词：Web Security Automated Analysis Vulnerability Assessment Web Scanning Cross-Site Scripting SQL Injection Cross-Site Request Forgery 

分 类 号：TP3[自动化与计算机技术—计算机科学与技术]