Taiwo, Anthonia Osarumwense and Lutta, Pantaleon (2026) An Automated Scanner for Detecting Common Web Application Vulnerabilities with a Focus on Enhanced Performance and Security. In: 2025 12th International Conference on Software Defined Systems (SDS). International Conference on Software Defined Systems (SDS) . IEEE, pp. 136-145. ISBN 979-8-3315-7258-7
Tonia manuscript final reviewed.docx - AUTHOR'S ACCEPTED Version (default)
Available under License Type Creative Commons Attribution 4.0 International (CC BY 4.0) .
Download (709kB)
Abstract or description
Web applications are essential to the digital world but remain susceptible to common threats like SQL Injection (SQLi) and Cross-Site Scripting (XSS). Automated vulnerability scanners are vital for security, yet many current solutions are too slow and resource-intensive. This makes them impractical for rapid development cycles or for integration into modern Software-Defined Security (SDS) systems. This paper proposes that focused, lightweight scanners are wellsuited as specialized modules within SDS, offering quick, targeted feedback for immediate security policy enforcement. To demonstrate this, we developed a lightweight, Pythonbased automated vulnerability scanner. Its design emphasizes a focused, modular architecture, using Python’s efficient processing and minimal libraries for enhanced performance. We quantitatively assessed its effectiveness, benchmarking detection speed and accuracy (true positive and false positive rates) against the Open Web Application Security Project Zed Attack Proxy (OWASP Zed) Attack Proxy on a standard vulnerable test site. Results show a significant performance improvement: the scanner reduced average scan time from about 55 minutes to just 58.7 seconds. In terms of accuracy, it successfully identified and confirmed an exploitable SQL Injection vulnerability with a low false positive rate. This research confirms that a targeted, lightweight approach can effectively close the performance gap in automated scanning, providing a practical solution for environments needing fast feedback, like Continuous Integration and Continuous Delivery (CI/CD) pipelines. Future work will expand its coverage to include more complex vulnerabilities while retaining its performance benefits.
| Item Type: | Book Chapter, Section or Conference Proceeding |
|---|---|
| Faculty: | School of Digital, Technologies and Arts > Computer Science, AI and Robotics |
| Event Title: | 2025 12th International Conference on Software Defined Systems (SDS) |
| Event Location: | Lyon, France |
| Depositing User: | Pantaleon Lutta ODONGO |
| Date Deposited: | 08 Jul 2026 08:04 |
| Last Modified: | 08 Jul 2026 08:04 |
| URI: | https://eprints.staffs.ac.uk/id/eprint/9629 |
Lists
Lists