dc.description.abstract |
In today's cyber era, most businesses and services need an online presence in order to be
globally accessible. This exposure, however, brings a risk of hacking and data theft,
with malicious actors constantly searching for loopholes left unchecked during development.
Such loopholes often go unnoticed because secure development practices are not followed
or because web applications are never subjected to a vulnerability assessment. OWASP
provides cheat sheets and the OWASP Top 10 list of guidelines to help detect and eliminate
vulnerabilities in web applications. However, the effectiveness of these measures, and the
improvement in security metrics they bring, remain unclear, especially for the categories
newly added to the OWASP Top 10 (2021). Although prior research has concentrated on
vulnerability assessment and recommendations for developers, none of those recommendations
has been tested or reported on. This study evaluates 70 web applications using the OWASP
ZAP tool, together with a pre- and post-implementation analysis of the cheat sheets on an
enterprise-level web application. The results show that two of the three new categories in
the OWASP Top 10 occurred frequently, suggesting that the ranking of categories in the
OWASP Top 10 does not depend solely on frequency of occurrence. Applying the cheat sheets
significantly reduced the number of vulnerabilities in the Staff Genix Division Head's
portal from 16 to 5, in the Recruiter's portal from 11 to 4, and across all Candidate
portals from 8 to 7. This suggests that cheat sheets can effectively address many web
application vulnerabilities, but that additional measures such as secure SDLC (S-SDLC)
stages and manual validation may be necessary. Regular assessments are also crucial to
maintaining security. |
en_US |
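The pre- and post-implementation comparison the abstract describes can be automated over the JSON reports that OWASP ZAP writes. The script below is an added example written for this page, not code from the study or from the ZAP project. It assumes ZAP's traditional JSON report layout (a `site` list whose entries carry an `alerts` list with `name`, `riskcode` and `count` fields) and runs on two constructed sample reports rather than real scan output; the portal URL and the alert names in the samples are illustrative.

```python
"""Pre/post comparison of two OWASP ZAP JSON reports (added example, constructed data)."""
import json
from collections import Counter

# ZAP riskcode values as strings, as they appear in the JSON report.
RISK_NAMES = {"0": "Informational", "1": "Low", "2": "Medium", "3": "High"}


def load_alerts(report):
    """Map alert name -> (riskcode, instance count) across all sites in a ZAP JSON report."""
    alerts = {}
    for site in report.get("site", []):
        for a in site.get("alerts", []):
            name = a.get("name") or a["alert"]
            risk = str(a["riskcode"])
            count = int(a.get("count", len(a.get("instances", []))))
            prev_risk, prev_count = alerts.get(name, (risk, 0))
            # Same alert type on several sites: keep the highest risk, sum the instances.
            alerts[name] = (max(prev_risk, risk), prev_count + count)
    return alerts


def summarise(alerts, min_risk="1"):
    """Distinct alert types and instance totals per risk level, ignoring anything below min_risk."""
    types, instances = Counter(), Counter()
    for risk, count in alerts.values():
        if risk >= min_risk:  # riskcodes are single digits, so string comparison is safe
            types[RISK_NAMES[risk]] += 1
            instances[RISK_NAMES[risk]] += count
    return {"types": dict(types), "instances": dict(instances)}


def compare(before, after, min_risk="1"):
    """Which alert types disappeared, persisted or appeared between two scans."""
    b = {n: v for n, v in load_alerts(before).items() if v[0] >= min_risk}
    a = {n: v for n, v in load_alerts(after).items() if v[0] >= min_risk}
    return {
        "before_total": len(b),
        "after_total": len(a),
        "fixed": sorted(set(b) - set(a)),
        "persisting": sorted(set(b) & set(a)),
        "new": sorted(set(a) - set(b)),
        "before": summarise(b, min_risk),
        "after": summarise(a, min_risk),
    }


def _alert(name, riskcode, count):
    # Minimal alert entry in the shape ZAP's JSON report uses (constructed sample).
    return {"name": name, "alert": name, "riskcode": str(riskcode),
            "riskdesc": RISK_NAMES[str(riskcode)], "count": str(count), "instances": []}


# Constructed "before cheat sheets" and "after cheat sheets" reports for a hypothetical portal.
BEFORE_REPORT = {"@version": "2.14.0", "site": [{"@name": "https://portal.example", "alerts": [
    _alert("Cross Site Scripting (Reflected)", 3, 4),
    _alert("SQL Injection", 3, 1),
    _alert("Missing Anti-clickjacking Header", 2, 12),
    _alert("Content Security Policy (CSP) Header Not Set", 2, 12),
    _alert("Cookie Without Secure Flag", 1, 3),
    _alert("X-Content-Type-Options Header Missing", 1, 12),
    _alert("Information Disclosure - Suspicious Comments", 0, 2),
]}]}

AFTER_REPORT = {"@version": "2.14.0", "site": [{"@name": "https://portal.example", "alerts": [
    _alert("Cookie Without Secure Flag", 1, 1),
    _alert("Strict-Transport-Security Header Not Set", 1, 12),
    _alert("Information Disclosure - Suspicious Comments", 0, 2),
]}]}


if __name__ == "__main__":
    # For real reports: json.load(open("before.json")) / json.load(open("after.json")).
    print(json.dumps(compare(BEFORE_REPORT, AFTER_REPORT), indent=2))
```

The comparison keys on alert type rather than on individual instances, because a single missing header is reported once per URL and would otherwise dominate the count; instance totals are still reported per risk level. Informational findings are excluded by default (`min_risk="1"`), which is the kind of decision a pre/post study has to state explicitly for its before-and-after figures to be comparable.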