Automated Web Vulnerability Detection and Reporting Engine
CH. Narendra Kumar1, SK. Riyan Azeem2, Sk. Abdul Rahman3, K. Siva Sai4,
1234 B.TECH Student, Department Of Computer Science And Engineering(Cyber Security), Geethanjali Institute Of Science And Technology, Nellore, AP, India.
Guide: Mr. V. Chaithanya, Assistant Professor,
Department Of Computer Science And Engineering (Cyber Security), Geethanjali Institute Of Science And Technology, Nellore, AP, India.
ABSTRACT
The widespread use of web applications in essential industries like banking, healthcare, e-commerce and education has created a major challenge for companies which need to protect their web applications from security threats. Manual penetration testing which belongs to traditional vulnerability assessment methods needs both high costs and extensive time commitments and becomes unmanageable when testing modern web applications which have complex security architectures. The project introduces an Automated Web Vulnerability Detection and Reporting Engine which solves the existing system limitations by providing a solution that detects and evaluates security flaws in web applications. The system automatically navigates through target websites by following links and form elements to gather input vectors which it uses to launch specific attack payloads for testing multiple security weaknesses including Cross-Site Scripting (XSS) and other typical web security issues. The engine checks application responses to find out whether vulnerabilities exist and their severity and their specific locations in the system. The scanning process produces a JSON-based report which organizes information about discovered vulnerabilities into a systematic format that includes their risk ratings and detailed descriptions and affected system parts and recommended solutions. The proposed engine uses automated processes to find vulnerabilities and create reports which decreases manual testing requirements while giving developers practical security recommendations for their applications. The lightweight tool operates without needing extra hardware resources so it becomes an ideal solution for developers and small organizations and academic institutions. The system successfully detects security vulnerabilities in testing conducted on purposely vulnerable web applications while offering effective guidance for remediation efforts. The research provides an efficient developer-friendly solution which scales better than traditional security testing methods to protect modern web applications from threats.
Key Words: Automated Web Vulnerability Scanner, SQL, Cross-Site Scripting (XSS) and Automated Security Testing and Vulnerability Detection.
