ICSEA 2022, The Seventeenth International Conference on Software Engineering Advances


Automated Testing: Testing Top 10 OWASP Vulnerabilities of Government Web Applications in Bangladesh

Authors:
Touseef Aziz Khan
Azaz Ahamed
Nafiz Sadman
Mahfuz Ibne Hannan
Farzana Sadia
Mahady Hasan

Keywords: Software Testing; Automated Testing; OWASP; Web Vulnerability; Testing Tools.

Abstract:
With an increase in the popularity of the Internet, there is also a rise in the number of security threats and vulnerabilities. The Open Web Application Security Project (OWASP) is an online community-driven project that provides a set of the 10 most crucial security vulnerabilities to monitor and mitigate in order to have safer Internet connectivity. Automated software testing provides invaluable insights into the current situation regarding OWASP Top 10 2017 vulnerabilities for Web applications from the five sectors of the Bangladesh Government. In this research, comprehensive testing has been carried out using BurpSuite, ZAP and Netsparker to see recurring vulnerabilities among the sections of Web applications. We draw data-driven comparisons between these tools and evaluate them against Web applications from the respective sectors, and the results are presented accordingly. We found the Services and the Transportation sectors to be the most vulnerable.

Pages: 46 to 52

Copyright: Copyright (c) IARIA, 2022

Publication date: October 16, 2022

Published in: conference

ISSN: 2308-4235

ISBN: 978-1-61208-997-3

Location: Lisbon, Portugal

Dates: from October 16, 2022 to October 20, 2022