Enhancing Web Application Security Using Penetration Testing and Vulnerability Scanning

Enhancing Web Application Security Using Penetration Testing and Vulnerability Scanning

연구 분야: Strategies

학회: 2025 International Conference on Knowledge Engineering and Communication Systems (ICKECS)

Web applications play a crucial role in modern digital infrastructure, enabling vital functionalities across var- ious industries, including healthcare, banking, and ecommerce. However, these applications are increasingly targeted by cyber- attacks, exploiting vulnerabilities such as SQL Injection, Cross- Site Scripting (XSS), and Distributed Denial-of-Service (DDoS) attacks. This paper introduces a multi-layered framework for enhancing web application security through penetration testing, automated vulnerability scanning, and real-time anomaly detec- tion. The proposed system employs OWASP ZAP for vulnerability assessment and Isolation Forest for detecting anomalous traffic patterns, ensuring comprehensive protection against a wide range of threats. Additionally, an intuitive reporting module generates actionable insights to aid developers and security teams in addressing identified risks. Experimental evaluations demonstrate the system’s efficacy in identifying vulnerabilities and mitigating threats in simulated web environments. The framework’s modular design ensures scalability, enabling its application across diverse organizational scales. Future work will explore advanced machine learning models and broader integrations to adapt to evolving cyber threat landscapes.