Open access

Statistical Analysis of Unique Web Application Vulnerabilities: A Quantitative Assessment of Scanning Tool Efficiency

30 Jun 2025


Web application security is a critical aspect of modern cybersecurity, necessitating efficient and reliable vulnerability detection mechanisms. This study presents a quantitative analysis of unique web application vulnerabilities detected by four automated scanning tools: Nessus, Acunetix, OWASP ZAP, and BeSECURE. We scanned 67 web applications and sorted the vulnerabilities we found into four categories: Critical, High, Medium, and Low. This study evaluates each tool’s effectiveness and reliability using mean and standard deviation, providing key insights into their performance consistency. Using straightforward statistical methods, we aim to determine which scanning tool performs best in finding vulnerabilities while maintaining consistent results across different web applications. Additionally, the analysis offers comparative insights into the performance variations among these tools, highlighting their strengths and limitations. The study contributes to strategic decision-making in cybersecurity, enabling organizations to select the most effective tools for vulnerability assessment. The findings demonstrate that OWASP ZAP exhibits superior detection capabilities and consistency across various severity levels, while integrating tools like Nessus, BeSECURE, and Acunetix enhances vulnerability detection, with Nessus excelling in identifying critical and high-severity vulnerabilities.

Language:
English
Publication frequency:
2 times per year
Journal subjects:
General knowledge