
Statistical Analysis of Unique Web Application Vulnerabilities: A Quantitative Assessment of Scanning Tool Efficiency

Open Access | Jun 2025

Abstract

Web application security is a critical aspect of modern cybersecurity, necessitating efficient and reliable vulnerability detection mechanisms. This study presents a quantitative analysis of unique web application vulnerabilities detected by four automated scanning tools: Nessus, Acunetix, OWASP ZAP, and BeSECURE. We scanned 67 web applications and sorted the vulnerabilities we found into four categories: Critical, High, Medium, and Low. This study evaluates each tool’s effectiveness and reliability using mean and standard deviation, providing key insights into their performance consistency. Using straightforward statistical methods, we aim to determine which scanning tool performs best in finding vulnerabilities while maintaining consistent results across different web applications. Additionally, the analysis offers comparative insights into the performance variations among these tools, highlighting their strengths and limitations. The study contributes to strategic decision-making in cybersecurity, enabling organizations to select the most effective tools for vulnerability assessment. The findings demonstrate that OWASP ZAP exhibits superior detection capabilities and consistency across various severity levels, while integrating tools like Nessus, BeSECURE, and Acunetix enhances vulnerability detection, with Nessus excelling in identifying critical and high-severity vulnerabilities.

Language: English
Page range: 136 - 152
Published on: Jun 30, 2025
Published by: South East European University
In partnership with: Paradigm Publishing Services
Publication frequency: 2 issues per year
© 2025 Gani Zogaj, Florie Ismaili, Ermira Idrizi, Artan Luma, published by South East European University
This work is licensed under the Creative Commons Attribution 4.0 License.