Abstract- With the tremendous growth of the Internet in recent years, web applications are becoming more and more popular among users. At the same time, they suffer from malicious attacks that affect basic attributes such as the confidentiality, integrity, and availability of the system or the data. In response to these malicious threats, web application developers and information security professionals have used web application vulnerability scanners as a security tool to periodically audit their web applications for security vulnerabilities. Today, many automated web application scanning tools are available, but we need to find out how efficient these scanners are at finding security vulnerabilities in web applications during an automated scan. The main focus of this study is to assess the effectiveness of existing commercial automated Dynamic Application Security Testing (DAST) tools in black-box web application security testing. Our goal is to find out the strengths and limitations of automated web application security testing tools. This study is not meant to compare different commercial scanners on the market. We do not report comparison data regarding the performance of the tools or make any recommendations about the purchase of any scanning tools.

Keywords- Web Application Security, Vulnerability Analysis, Penetration Testing, Security Scanners

