VULNERABLE WEB APPLICATIONS AND HOW TO AUDIT THEM : Use of OWASP Zed Attack Proxy effectively to find the vulnerabilities of web applications
Paudel, Samir (2016)
Oulun ammattikorkeakoulu
2016
All rights reserved
Permanent address of the publication:
https://urn.fi/URN:NBN:fi:amk-2016060812326
Abstract
Oulu University of Applied Sciences
Degree programme in Information Technology
Author: Samir Kumar Paudel
Title of the bachelor’s thesis: Vulnerable Web Applications and How to Audit Them
Supervisor: Lauri Pirttiaho
Term and year of completion: Spring 2016. Number of pages: 59
This thesis work was done as a private project for completing a Bachelor's Degree in Information Technology. The main objective was to evaluate the effectiveness of OWASP Zed Attack Proxy (ZAP), a free and open source integrated penetration testing tool, at finding vulnerabilities in web applications. The secondary objectives were to learn how to build web applications and to look for security loopholes in them.
For this project, Notepad++, a local web server (localhost) and OWASP ZAP were used as tools; PHP, HTML, JavaScript and CSS as languages; and a MySQL database as the data store for a prototype web application. Notepad++ is a text editor with syntax support for many programming languages. The prototype was hosted on localhost, and OWASP ZAP was used as the testing tool. OWASP ZAP was chosen because it is free and open source and is one of the most widely used web application penetration testing tools, commercial or open source.
OWASP ZAP successfully found some vulnerabilities in the prototype. However, the prototype web application is a simple one; to test the effectiveness of ZAP in more detail, the target application would need to be more complex and offer more features. Being a prototype, it implements only a few of its intended features, so there is room to extend the web application and to test it again in the future.
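To make concrete the kind of "security loophole" in a PHP/MySQL prototype that ZAP's active scanner is designed to surface, the following is an added illustration and not code from the thesis or its prototype: a login handler written first in a vulnerable form, then in a hardened form. The table and column names (users, username, password_hash), the database credentials and the session handling are assumptions made for the example.

```php
<?php
// Added example (not from the thesis prototype). Assumed schema:
//   users(id INT, username VARCHAR, password_hash VARCHAR)
// Assumed credentials: host localhost, user app, password secret, db prototype.
session_start();

$db = new mysqli('localhost', 'app', 'secret', 'prototype');
$db->set_charset('utf8mb4');

// --- Vulnerable version: request parameters concatenated into the SQL text. ---
// ZAP's active scan injects boolean and error-based payloads into the
// 'username' and 'password' parameters. A payload such as
//   username = ' OR '1'='1' --
// turns the query into
//   SELECT id FROM users WHERE username = '' OR '1'='1' -- ' AND password = ''
// which matches every row, so any password is accepted and ZAP raises an
// SQL Injection alert for this request.
function login_vulnerable(mysqli $db, string $user, string $pass): bool
{
    $sql = "SELECT id FROM users WHERE username = '$user' AND password = '$pass'";
    $result = $db->query($sql);
    return $result !== false && $result->num_rows > 0;
}

// --- Hardened version: prepared statement plus password hashing. ---
// The parameter is bound, never spliced into the query text, so injected
// quotes and comment markers are treated as literal characters. Passwords
// are stored as password_hash() output and checked with password_verify(),
// which uses a timing-safe comparison.
function login_hardened(mysqli $db, string $user, string $pass): bool
{
    $stmt = $db->prepare('SELECT password_hash FROM users WHERE username = ? LIMIT 1');
    $stmt->bind_param('s', $user);
    $stmt->execute();
    $stmt->bind_result($hash);
    $found = $stmt->fetch();
    $stmt->close();

    // Unknown user and wrong password take the same code path and give
    // the same response, so the login does not leak which usernames exist.
    return $found && password_verify($pass, $hash);
}

$user = $_POST['username'] ?? '';
$pass = $_POST['password'] ?? '';

if (login_hardened($db, $user, $pass)) {
    // Rotate the session id on privilege change to prevent session fixation.
    session_regenerate_id(true);
    $_SESSION['user'] = $user;
    echo 'Login successful';
} else {
    http_response_code(401);
    // Fixed message: do not echo the submitted username back (reflected XSS).
    echo 'Invalid credentials';
}
```

When pointing ZAP at a form like this, spider the site first so the POST endpoint and its parameters are recorded, then run the active scan against that site; the vulnerable handler produces an SQL Injection alert on the login request, while the hardened one does not.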