{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,5,9]],"date-time":"2026-05-09T17:14:51Z","timestamp":1778346891259,"version":"3.51.4"},"reference-count":32,"publisher":"MDPI AG","issue":"1","license":[{"start":{"date-parts":[[2024,12,27]],"date-time":"2024-12-27T00:00:00Z","timestamp":1735257600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["Electronics"],"abstract":"<jats:p>In a world increasingly dependent on technology and in an era where connectivity is omnipresent, Web applications have become an essential part of our everyday life. The evolution of these applications, combined with the exponential increase in the number of users, has brought with it not only convenience but also significant challenges in terms of security. Ensuring the security of Web applications and their data is increasingly a priority for companies, although many companies lack the know-how, time, and money to do so. This research project studied and developed a system with the aim of automating the process of detecting vulnerabilities in Web applications by exploiting the benefits of the interoperability of the two forms of automation of the tool selected to carry out this analysis. The developed solution is low-cost and requires very little user intervention. In order to validate and evaluate the developed platform, experiments were carried out on applications with different types of vulnerabilities known in advance and on real applications. It is essential to guarantee the security of Web applications, and the developed system proved capable of automating the detection of vulnerability risks and returning the results in a relatively simple way for the user.<\/jats:p>","DOI":"10.3390\/electronics14010079","type":"journal-article","created":{"date-parts":[[2025,1,1]],"date-time":"2025-01-01T14:35:42Z","timestamp":1735742142000},"page":"79","update-policy":"https:\/\/doi.org\/10.3390\/mdpi_crossmark_policy","source":"Crossref","is-referenced-by-count":3,"title":["Intelligent Platform for Automating Vulnerability Detection in Web Applications"],"prefix":"10.3390","volume":"14","author":[{"ORCID":"https:\/\/orcid.org\/0009-0009-2783-3241","authenticated-orcid":false,"given":"Diogo","family":"Moreira","sequence":"first","affiliation":[{"name":"Information Sciences, Technologies and Architecture Research Center (ISTAR), ISCTE-Lisbon University Institute, 1649-026 Lisbon, Portugal"}]},{"ORCID":"https:\/\/orcid.org\/0009-0001-3348-5660","authenticated-orcid":false,"given":"Jo\u00e3o Pedro","family":"Seara","sequence":"additional","affiliation":[{"name":"Information Sciences, Technologies and Architecture Research Center (ISTAR), ISCTE-Lisbon University Institute, 1649-026 Lisbon, Portugal"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-4759-4817","authenticated-orcid":false,"given":"Jo\u00e3o Pedro","family":"Pavia","sequence":"additional","affiliation":[{"name":"Information Sciences, Technologies and Architecture Research Center (ISTAR), ISCTE-Lisbon University Institute, 1649-026 Lisbon, Portugal"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-4847-2432","authenticated-orcid":false,"given":"Carlos","family":"Serr\u00e3o","sequence":"additional","affiliation":[{"name":"Information Sciences, Technologies and Architecture Research Center (ISTAR), ISCTE-Lisbon University Institute, 1649-026 Lisbon, Portugal"}]}],"member":"1968","published-online":{"date-parts":[[2024,12,27]]},"reference":[{"key":"ref_1","doi-asserted-by":"crossref","unstructured":"Althunayyan, M., Saxena, N., Li, S., and Gope, P. (2022). Evaluation of Black-Box Web Application Security Scanners in Detecting Injection Vulnerabilities. Electronics, 11.","DOI":"10.3390\/electronics11132049"},{"key":"ref_2","doi-asserted-by":"crossref","unstructured":"Djeki, E., Degila, J., Bondiombouy, C., and Alhassan, M.H. (2021, January 17\u201319). Security Issues in Digital Learning Spaces. Proceedings of the 2021 IEEE International Conference on Computing, ICOCO 2021, Kuala Lumpur, Malaysia.","DOI":"10.1109\/ICOCO53166.2021.9673575"},{"key":"ref_3","doi-asserted-by":"crossref","unstructured":"Shahid, J., Hameed, M.K., Javed, I.T., Qureshi, K.N., Ali, M., and Crespi, N. (2022). A Comparative Study of Web Application Security Parameters: Current Trends and Future Directions. Appl. Sci., 12.","DOI":"10.3390\/app12084077"},{"key":"ref_4","unstructured":"Petrosyan, A. (2024, December 22). Distribution of Cyber Incidents in Organizations Worldwide as of September 2023, by Type. Statista, Available online: https:\/\/www.statista.com\/statistics\/1483769\/global-cyber-incidents-by-type\/."},{"key":"ref_5","doi-asserted-by":"crossref","unstructured":"Muralidharan, M., Babu, K.B., and Sujatha, G. (2023, January 20\u201321). W3BnNr: An Automated tool for information gathering, vulnerability scanning, attacking and reporting for injection attacks on web application. Proceedings of the ACCTHPA 2023\u2014Conference on Advanced Computing and Communication Technologies for High Performance Applications, Ernakulam, India.","DOI":"10.1109\/ACCTHPA57160.2023.10083380"},{"key":"ref_6","doi-asserted-by":"crossref","unstructured":"Lavens, E., Philippaerts, P., and Joosen, W. (2022, January 23\u201326). A Quantitative Assessment of the Detection Performance of Web Vulnerability Scanners. Proceedings of the ACM International Conference Proceeding Series, Association for Computing Machinery, Vienna, Austria.","DOI":"10.1145\/3538969.3544416"},{"key":"ref_7","unstructured":"OWASP (2024, December 22). OWASP Top 10. OWASP Foundation. Available online: https:\/\/owasp.org\/www-project-top-ten\/."},{"key":"ref_8","doi-asserted-by":"crossref","first-page":"25858","DOI":"10.1109\/ACCESS.2021.3057044","article-title":"Holistic Web Application Security Visualization for Multi-Project and Multi-Phase Dynamic Application Security Test Results","volume":"9","author":"Sonmez","year":"2021","journal-title":"IEEE Access"},{"key":"ref_9","doi-asserted-by":"crossref","unstructured":"Seara, J.P., and Serrao, C. (2024). Automation of System Security Vulnerabilities Detection Using Open-Source Software. Electronics, 13.","DOI":"10.3390\/electronics13050873"},{"key":"ref_10","first-page":"1","article-title":"Intelligent System for Automation of Security Audits (SIAAS)","volume":"11","author":"Seara","year":"2023","journal-title":"EAI Endorsed Trans. Scalable Inf. Syst."},{"key":"ref_11","doi-asserted-by":"crossref","unstructured":"Truong, D., Tran, D., Nguyen, L., Mac, H., Tran, H.A., and Bui, T. (2019, January 4\u20136). Detecting web attacks using stacked denoising autoencoder and ensemble learning methods. Proceedings of the ACM International Conference Proceeding Series, Association for Computing Machinery, Hanoi Ha Long Bay, Vietnam.","DOI":"10.1145\/3368926.3369715"},{"key":"ref_12","unstructured":"Petrosyan, A. (2024, December 22). Global Industry Sectors Most Targeted by Basic Web Application Attacks from November 2022 to October 2023 Statista 2024. Available online: https:\/\/www.statista.com\/statistics\/221293\/cyber-crime-target-industries\/."},{"key":"ref_13","doi-asserted-by":"crossref","unstructured":"Nirmal, K., Janet, B., and Kumar, R. (2018, January 14\u201315). It\u2019s more than stealing cookies\u2014Exploitability of XSS. Proceedings of the 2018 International Conference on Intelligent Computing and Control Systems (ICICCS), Madurai, India.","DOI":"10.1109\/ICCONS.2018.8663230"},{"key":"ref_14","first-page":"1","article-title":"A Survey on Web Application Security","volume":"25","author":"Li","year":"2011","journal-title":"Nashville, TN USA"},{"key":"ref_15","doi-asserted-by":"crossref","unstructured":"Nocera, S., Romano, S., Francese, R., and Scanniello, G. (2024, January 14\u201320). Training for Security: Results from Using a Static Analysis Tool in the Development Pipeline of Web Apps. Proceedings of the International Conference on Software Engineering, Lisbon, Portugal.","DOI":"10.1145\/3639474.3640073"},{"key":"ref_16","unstructured":"Goe, D. (2015, January 13\u201315). Detection of Web Appication Vulnerability Based on RUP Model. Proceedings of the 2015 National Conference on Recent Advances in Electronics & Computer Engineering (RAECE), Roorkee, India."},{"key":"ref_17","unstructured":"MITRE (2024, December 22). CWE Top 25 Most Dangerous Software Weaknesses. Mitre, Available online: https:\/\/cwe.mitre.org\/top25\/."},{"key":"ref_18","first-page":"301","article-title":"A Comparative Study of Black Box Testing and White Box Testing","volume":"5","author":"Verma","year":"2017","journal-title":"Artic. Int. J. Comput. Sci. Eng."},{"key":"ref_19","doi-asserted-by":"crossref","first-page":"633","DOI":"10.1007\/978-981-15-2317-5_53","article-title":"Quantitative Assessment of Remote Code Execution Vulnerability in Web Apps","volume":"Volume 632","author":"Hassan","year":"2020","journal-title":"Proceedings of the Lecture Notes in Electrical Engineering"},{"key":"ref_20","doi-asserted-by":"crossref","unstructured":"Singh, N., Meherhomji, V., and Chandavarkar, B.R. (2020, January 1\u20133). Automated versus Manual Approach of Web Application Penetration Testing. Proceedings of the 2020 11th International Conference on Computing, Communication and Networking Technologies (ICCCNT), Kharagpur, India.","DOI":"10.1109\/ICCCNT49239.2020.9225385"},{"key":"ref_21","doi-asserted-by":"crossref","unstructured":"Acheampong, R., Balan, T.C., Popovici, D.M., and Rekeraho, A. (2022, January 16\u201318). Security Scenarios Automation and Deployment in Virtual Environment using Ansible. Proceedings of the 14th International Conference on Communications, COMM 2022, Bucharest, Romania.","DOI":"10.1109\/COMM54429.2022.9817150"},{"key":"ref_22","doi-asserted-by":"crossref","unstructured":"Beba, S., Karlsen, M.M., Li, J., and Zhang, B. (2021, January 6\u20139). Critical Understanding of Security Vulnerability Detection Plugin Evaluation Reports. Proceedings of the Asia-Pacific Software Engineering Conference, APSEC, Taipei, Taiwan.","DOI":"10.1109\/APSEC53868.2021.00035"},{"key":"ref_23","doi-asserted-by":"crossref","unstructured":"Al-Kahla, W., Shatnawi, A.S., and Taqieddin, E. (2021, January 24\u201326). A Taxonomy of Web Security Vulnerabilities. Proceedings of the 2021 12th International Conference on Information and Communication Systems, ICICS 2021, Valencia, Spain.","DOI":"10.1109\/ICICS52457.2021.9464576"},{"key":"ref_24","first-page":"4","article-title":"Performance Evaluation of Web Application Security Scanners for Prevention and Protection against Vulnerabilities","volume":"12","author":"Idrissi","year":"2017","journal-title":"Int. J. Appl. Eng. Res."},{"key":"ref_25","doi-asserted-by":"crossref","unstructured":"Koswara, K.J., and Asnar, Y.D.W. (2019, January 13\u201314). Improving Vulnerability Scanner Performance in Detecting AJAX Application Vulnerabilities. Proceedings of the 2019 International Conference on Data and Software Engineering (ICoDSE): Gedung Konferensi Universitas Tanjungpura, Pontianak, Indonesia.","DOI":"10.1109\/ICoDSE48700.2019.9092613"},{"key":"ref_26","first-page":"4584","article-title":"Black Box Evaluation of Web Application Scanners: Standards Mapping Approach","volume":"31","author":"Qasaimeh","year":"2018","journal-title":"J. Theor. Appl. Inf. Technol."},{"key":"ref_27","doi-asserted-by":"crossref","unstructured":"Jain, T., and Jain, N. (2019, January 7\u20138). Framework for Web Application Vulnerability Discovery and Mitigation by Customizing Rules through ModSecurity. Proceedings of the 2019 6th International Conference on Signal Processing and Integrated Networks (SPIN), Noida, India.","DOI":"10.1109\/SPIN.2019.8711673"},{"key":"ref_28","doi-asserted-by":"crossref","unstructured":"Abdulghaffar, K., Elmrabit, N., and Yousefi, M. (2023). Enhancing Web Application Security through Automated Penetration Testing with Multiple Vulnerability Scanners. Computers, 12.","DOI":"10.3390\/computers12110235"},{"key":"ref_29","doi-asserted-by":"crossref","unstructured":"Albahar, M., Alansari, D., and Jurcut, A. (2022). An Empirical Comparison of Pen-Testing Tools for Detecting Web App Vulnerabilities. Electronics, 11.","DOI":"10.3390\/electronics11192991"},{"key":"ref_30","doi-asserted-by":"crossref","unstructured":"Mburano, B., and Si, W. (2018, January 18\u201320). Evaluation of Web Vulnerability Scanners Based on OWASP Benchmark. Proceedings of the ICSEng 2018: 26th International Conference on Systems Engineering, Sydney, Australia.","DOI":"10.1109\/ICSENG.2018.8638176"},{"key":"ref_31","unstructured":"Team, Z.D. (2024, December 22). ZAP. Available online: https:\/\/www.zaproxy.org\/."},{"key":"ref_32","unstructured":"Portugal (2024, December 22). Lei n.\u00ba 109-2009. Di\u00e1rio da R\u00e9publica. S\u00e9rie I de 2009-09-15. Available online: https:\/\/diariodarepublica.pt\/dr\/detalhe\/lei\/109-2009-489693."}],"container-title":["Electronics"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.mdpi.com\/2079-9292\/14\/1\/79\/pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,10,10]],"date-time":"2025-10-10T17:01:35Z","timestamp":1760115695000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.mdpi.com\/2079-9292\/14\/1\/79"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024,12,27]]},"references-count":32,"journal-issue":{"issue":"1","published-online":{"date-parts":[[2025,1]]}},"alternative-id":["electronics14010079"],"URL":"https:\/\/doi.org\/10.3390\/electronics14010079","relation":{},"ISSN":["2079-9292"],"issn-type":[{"value":"2079-9292","type":"electronic"}],"subject":[],"published":{"date-parts":[[2024,12,27]]}}}