Statistical Analysis of Unique Web Application Vulnerabilities: A Quantitative Assessment of Scanning Tool Efficiency

Open Access | Jun 2025

Language: English
Page range: 136 - 152
Published on: Jun 30, 2025
In partnership with: Paradigm Publishing Services
Publication frequency: 2 issues per year

© 2025 Gani Zogaj, Florie Ismaili, Ermira Idrizi, Artan Luma, published by South East European University
This work is licensed under the Creative Commons Attribution 4.0 License.