- DSpace Home
- →
- E-Theses
- →
- SEECS
- →
- Information Security
- →
- MS
- →
- View Item
JavaScript is disabled for your browser. Some features of this site may not work without it.
| dc.contributor.author | Waheed, Eman | |
| dc.date.accessioned | 2024-07-09T10:17:42Z | |
| dc.date.available | 2024-07-09T10:17:42Z | |
| dc.date.issued | 2024 | |
| dc.identifier.other | 361531 | |
| dc.identifier.uri | http://10.250.8.41:8080/xmlui/handle/123456789/44613 | |
| dc.description | Supervisor: Dr. Sana Qadir | en_US |
| dc.description.abstract | In today’s digital landscape, an online presence is essential but exposes businesses to cyber threats. Despite Open Web Application Security Project (OWASP) and Com mon Weakness Enumeration (CWE) guidelines, web application vulnerabilities persist. This research evaluates four Static Application Security Testing (SAST) tools (Yasca, Snyk, Progpilot, SonarQube) and five Dynamic Application Security Testing (DAST) tools (BurpSuite, OWASP Zap, Vega, Wapiti, IronWASP) against OWASP Top 10 and CWE Top 25 standards by assessing seventy-five open-source web apps. OWASP Zap is most effective for OWASP Top 10 vulnerabilities, while Yasca and Snyk excel at CWE Top 25. Yasca, IronWASP, and Vega are best for high, medium, and low vulner abilities, respectively. This study helps organizations choose suitable tools to improve web application security. | en_US |
| dc.language.iso | en | en_US |
| dc.publisher | School of Electrical Engineering & Computer Science (SEECS), NUST | en_US |
| dc.subject | Keywords: CWE Top 25, DAST tools, OWASP Top 10, SAST tools, Web appli cation security . | en_US |
| dc.title | Evaluation of SAST and DAST Tools for Web Application Security | en_US |
| dc.type | Thesis | en_US |
Files in this item
This item appears in the following Collection(s)
-
MS [146]