Résumé:
The constantly evolving web landscape presents a wide range of emerging threats that
exploit vulnerabilities within web applications, exposing data, systems, and servers
to significant risks such as data manipulation and theft, unauthorized access and de-
nial of services. To tackle these challenges, the present research project explores the
ability of dynamic analysis and penetration testing tools to effectively detect injec-
tion vulnerabilities in web applications. Consequently, web developers with the help
of security experts can take appropriate actions to safeguard vulnerable applications
from cyberattacks. The study conducted in this project proposes a meta-scan-based
system that leverages the capabilities of several open source and dynamic application
security testing tools. The proposed system aims at detecting three specific injection
vulnerabilities: cross-site scripting, SQL injections, and OS command injections. To
enhance usability, the system incorporates a user-friendly graphical interface with
various features. Through rigorous testing using four well-known vulnerable appli-
cations, the system’s performance is assessed and compared with that of individual
scanners. The results reveal promising outcomes, as the new system successfully re-
duces false positives and negatives, validating its efficacy in bolstering web security.
