An Automated Scanner for Detecting Common Web Application Vulnerabilities with a Focus on Enhanced Performance and Security.

Web applications are essential to the digital world but remain susceptible to common threats like SQL Injection (SQLi) and Cross-Site Scripting (XSS). Automated vulnerability scanners are vital for security, yet many current solutions are too slow and resource-intensive. This makes them impractical for rapid development cycles or for integration into modern Software-Defined Security (SDS) systems. This paper proposes that focused, lightweight scanners are wellsuited as specialized modules within SDS, offering quick, targeted feedback for immediate security policy enforcement. To demonstrate this, we developed a lightweight, Pythonbased automated vulnerability scanner. Its design emphasizes a focused, modular architecture, using Python’s efficient processing and minimal libraries for enhanced performance. We quantitatively assessed its effectiveness, benchmarking detection speed and accuracy (true positive and false positive rates) against the Open Web Application Security Project Zed Attack Proxy (OWASP Zed) Attack Proxy on a standard vulnerable test site. Results show a significant performance improvement: the scanner reduced average scan time from about 55 minutes to just 58.7 seconds. In terms of accuracy, it successfully identified and confirmed an exploitable SQL Injection vulnerability with a low false positive rate. This research confirms that a targeted, lightweight approach can effectively close the performance gap in automated scanning, providing a practical solution for environments needing fast feedback, like Continuous Integration and Continuous Delivery (CI/CD) pipelines. Future work will expand its coverage to include more complex vulnerabilities while retaining its performance benefits.

• Publication year

  2025

• Venue

  Swiss Conference on Data Science

• Publication date

  2025-12-02

• Fields of study

  Not labeled

• Identifiers
  DOI 10.1109/SDS68531.2025.11409835
• External record

  Open on Semantic Scholar

• Source metadata

  Semantic Scholar

• No claims are published for this paper.

• No concepts are published for this paper.

• The Reality of Internet Infrastructure and Services Defacement: A Second Look at Characterizing Web-Based Vulnerabilities

  2023cited by this paper
• Security Analysis on Websites Belonging to the Health Service Districts in Indonesia Based on the Open Web Application Security Project (OWASP) Top 10 2021

  2023cited by this paper
• LineVul: A Transformer-based Line-Level Vulnerability Prediction

  2022cited by this paper
• A Systematic Literature Review on the Characteristics and Effectiveness of Web Application Vulnerability Scanners

  2022cited by this paper
• Human-in-the-Loop XAI-enabled Vulnerability Detection, Investigation, and Mitigation

  2021cited by this paper
• Efficiency and Effectiveness of Web Application Vulnerability Detection Approaches: A Review

  2021cited by this paper
• Performance Comparison on SQL Injection and XSS Detection using Open Source Vulnerability Scanners

  2021cited by this paper
• Practical Security Testing Of Electronic Commerce Web Applications

  2021cited by this paper
• Design and Implementation of High-performance Web Vulnerability Scanner Based on Python Intelligent Crawler

  2021cited by this paper
• An empirical comparison of commercial and open‐source web vulnerability scanners

  2020cited by this paper
• Comparison of Nikto and Uniscan for measuring URL vulnerability

  2019cited by this paper
• State of the Art: Automated Black-Box Web Application Vulnerability Testing

  2010cited by this paper
• Triangulation

  1997cited by this paper
• BOOK OF ABSTRACTS BOOK OF ABSTRACTS

  year unknowncited by this paper

• No citing papers are available for this paper.