A Study on the Effectiveness of Vulnerability Tools in Protecting Web Applications from Cyber Threats
DOI:
https://doi.org/10.5555/562jqf03
Keywords:
Web applications, ZAP, Vega, Vulnerability Scanning tools, Security
Abstract
In developing a highly efficient web application system, security is just as important as performance: the system must minimize or, ideally, eliminate vulnerabilities. Therefore, this research examines the effectiveness of two tools, ZAP (Zed Attack Proxy) and Vega, in detecting vulnerabilities in web applications. Both tools are free, widely used, and compatible with multiple operating systems, including Windows, macOS, and Linux. They can scan for vulnerabilities in almost any web application, regardless of the programming language used. The objectives of this research are to: 1) study the effectiveness of detecting vulnerabilities; 2) evaluate the effectiveness of scanning speed; and 3) examine the effectiveness of fixing defects in web applications. The experimental method involved installing both tools on a Windows 11 Professional computer and scanning for vulnerabilities 10 times per website across five web applications developed in different programming languages. The results were recorded in Excel, and the average values for all three objectives were calculated for each tool. Finally, the averages were analyzed and compared. The findings show that ZAP is more effective than Vega at detecting vulnerabilities (average score: 60.3 for ZAP versus 11.3 for Vega) and at providing recommendations for resolving issues (average score: 123 for ZAP versus 33 for Vega). However, Vega outperformed ZAP in scanning speed (average time: 125.80 seconds for Vega versus 41,364.01 seconds for ZAP). These experimental results can help developers select the most appropriate tools for reducing vulnerabilities in web application development and for resolving issues quickly and accurately.
License
Copyright (c) 2025 Journal of Science and Teacher Education

This work is licensed under a Creative Commons Attribution 4.0 International License.