{"id":"https://openalex.org/W4388694846","doi":"https://doi.org/10.3390/computers12110235","title":"Enhancing Web Application Security through Automated Penetration Testing with Multiple Vulnerability Scanners","display_name":"Enhancing Web Application Security through Automated Penetration Testing with Multiple Vulnerability Scanners","publication_year":2023,"publication_date":"2023-11-15","ids":{"openalex":"https://openalex.org/W4388694846","doi":"https://doi.org/10.3390/computers12110235"},"language":"en","primary_location":{"id":"doi:10.3390/computers12110235","is_oa":true,"landing_page_url":"https://doi.org/10.3390/computers12110235","pdf_url":"https://www.mdpi.com/2073-431X/12/11/235/pdf?version=1700031764","source":{"id":"https://openalex.org/S4210228075","display_name":"Computers","issn_l":"2073-431X","issn":["2073-431X"],"is_oa":true,"is_in_doaj":true,"is_core":true,"host_organization":"https://openalex.org/P4310310987","host_organization_name":"Multidisciplinary Digital Publishing Institute","host_organization_lineage":["https://openalex.org/P4310310987"],"host_organization_lineage_names":["Multidisciplinary Digital Publishing Institute"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Computers","raw_type":"journal-article"},"type":"article","indexed_in":["crossref","doaj"],"open_access":{"is_oa":true,"oa_status":"gold","oa_url":"https://www.mdpi.com/2073-431X/12/11/235/pdf?version=1700031764","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5093266556","display_name":"Khaled Abdulghaffar","orcid":"https://orcid.org/0009-0003-1220-2021"},"institutions":[{"id":"https://openalex.org/I195939026","display_name":"Glasgow Caledonian University","ror":"https://ror.org/03dvm1235","country_code":"GB","type":"education","lineage":["https://openalex.org/I195939026"]}],"countries":["GB"],"is_corresponding":false,"raw_author_name":"Khaled Abdulghaffar","raw_affiliation_strings":["Department of Cyber Security and Networks, Glasgow Caledonian University, Glasgow G4 0BA, UK","Department of Cyber Security and Networks, Glasgow Caledonian University, Glasgow G4 0BA, UK;"],"raw_orcid":"https://orcid.org/0009-0003-1220-2021","affiliations":[{"raw_affiliation_string":"Department of Cyber Security and Networks, Glasgow Caledonian University, Glasgow G4 0BA, UK","institution_ids":["https://openalex.org/I195939026"]},{"raw_affiliation_string":"Department of Cyber Security and Networks, Glasgow Caledonian University, Glasgow G4 0BA, UK;","institution_ids":["https://openalex.org/I195939026"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5005271596","display_name":"Nebrase Elmrabit","orcid":"https://orcid.org/0000-0002-4267-8798"},"institutions":[{"id":"https://openalex.org/I195939026","display_name":"Glasgow Caledonian University","ror":"https://ror.org/03dvm1235","country_code":"GB","type":"education","lineage":["https://openalex.org/I195939026"]}],"countries":["GB"],"is_corresponding":true,"raw_author_name":"Nebrase Elmrabit","raw_affiliation_strings":["Department of Cyber Security and Networks, Glasgow Caledonian University, Glasgow G4 0BA, UK","Department of Cyber Security and Networks, Glasgow Caledonian University, Glasgow G4 0BA, UK;"],"raw_orcid":"https://orcid.org/0000-0002-4267-8798","affiliations":[{"raw_affiliation_string":"Department of Cyber Security and Networks, Glasgow Caledonian University, Glasgow G4 0BA, UK","institution_ids":["https://openalex.org/I195939026"]},{"raw_affiliation_string":"Department of Cyber Security and Networks, Glasgow Caledonian University, Glasgow G4 0BA, UK;","institution_ids":["https://openalex.org/I195939026"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5076704771","display_name":"M. Yousefi","orcid":"https://orcid.org/0000-0003-0832-650X"},"institutions":[{"id":"https://openalex.org/I12870472","display_name":"Birmingham City University","ror":"https://ror.org/00t67pt25","country_code":"GB","type":"education","lineage":["https://openalex.org/I12870472"]}],"countries":["GB"],"is_corresponding":false,"raw_author_name":"Mehdi Yousefi","raw_affiliation_strings":["School of Computing and Digital Technology, Birmingham City University, Birmingham B4 7XG, UK","School of Computing and Digital Technology, Birmingham City University, Birmingham B4 7XG, UK;"],"raw_orcid":"https://orcid.org/0000-0003-0832-650X","affiliations":[{"raw_affiliation_string":"School of Computing and Digital Technology, Birmingham City University, Birmingham B4 7XG, UK","institution_ids":["https://openalex.org/I12870472"]},{"raw_affiliation_string":"School of Computing and Digital Technology, Birmingham City University, Birmingham B4 7XG, UK;","institution_ids":["https://openalex.org/I12870472"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":3,"corresponding_author_ids":["https://openalex.org/A5005271596"],"corresponding_institution_ids":["https://openalex.org/I195939026"],"apc_list":{"value":1600,"currency":"CHF","value_usd":1732},"apc_paid":{"value":1600,"currency":"CHF","value_usd":1732},"fwci":12.2471,"has_fulltext":true,"cited_by_count":28,"citation_normalized_percentile":{"value":0.98608664,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":98,"max":100},"biblio":{"volume":"12","issue":"11","first_page":"235","last_page":"235"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T12479","display_name":"Web Application Security Vulnerabilities","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T12479","display_name":"Web Application Security Vulnerabilities","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9970999956130981,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9962999820709229,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7324073910713196},{"id":"https://openalex.org/keywords/vulnerability","display_name":"Vulnerability (computing)","score":0.5902631282806396},{"id":"https://openalex.org/keywords/web-application","display_name":"Web application","score":0.5343493819236755},{"id":"https://openalex.org/keywords/robustness","display_name":"Robustness (evolution)","score":0.5135791301727295},{"id":"https://openalex.org/keywords/application-security","display_name":"Application security","score":0.5035380721092224},{"id":"https://openalex.org/keywords/vulnerability-assessment","display_name":"Vulnerability assessment","score":0.4877036511898041},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.4595756232738495},{"id":"https://openalex.org/keywords/data-mining","display_name":"Data mining","score":0.338483601808548},{"id":"https://openalex.org/keywords/software-security-assurance","display_name":"Software security assurance","score":0.2842000722885132},{"id":"https://openalex.org/keywords/world-wide-web","display_name":"World Wide Web","score":0.20998480916023254},{"id":"https://openalex.org/keywords/information-security","display_name":"Information security","score":0.18913307785987854}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7324073910713196},{"id":"https://openalex.org/C95713431","wikidata":"https://www.wikidata.org/wiki/Q631425","display_name":"Vulnerability (computing)","level":2,"score":0.5902631282806396},{"id":"https://openalex.org/C118643609","wikidata":"https://www.wikidata.org/wiki/Q189210","display_name":"Web application","level":2,"score":0.5343493819236755},{"id":"https://openalex.org/C63479239","wikidata":"https://www.wikidata.org/wiki/Q7353546","display_name":"Robustness (evolution)","level":3,"score":0.5135791301727295},{"id":"https://openalex.org/C77109596","wikidata":"https://www.wikidata.org/wiki/Q4781497","display_name":"Application security","level":5,"score":0.5035380721092224},{"id":"https://openalex.org/C167063184","wikidata":"https://www.wikidata.org/wiki/Q1400839","display_name":"Vulnerability assessment","level":3,"score":0.4877036511898041},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.4595756232738495},{"id":"https://openalex.org/C124101348","wikidata":"https://www.wikidata.org/wiki/Q172491","display_name":"Data mining","level":1,"score":0.338483601808548},{"id":"https://openalex.org/C62913178","wikidata":"https://www.wikidata.org/wiki/Q7554361","display_name":"Software security assurance","level":4,"score":0.2842000722885132},{"id":"https://openalex.org/C136764020","wikidata":"https://www.wikidata.org/wiki/Q466","display_name":"World Wide Web","level":1,"score":0.20998480916023254},{"id":"https://openalex.org/C527648132","wikidata":"https://www.wikidata.org/wiki/Q189900","display_name":"Information security","level":2,"score":0.18913307785987854},{"id":"https://openalex.org/C55493867","wikidata":"https://www.wikidata.org/wiki/Q7094","display_name":"Biochemistry","level":1,"score":0.0},{"id":"https://openalex.org/C185592680","wikidata":"https://www.wikidata.org/wiki/Q2329","display_name":"Chemistry","level":0,"score":0.0},{"id":"https://openalex.org/C104317684","wikidata":"https://www.wikidata.org/wiki/Q7187","display_name":"Gene","level":2,"score":0.0},{"id":"https://openalex.org/C137176749","wikidata":"https://www.wikidata.org/wiki/Q4105337","display_name":"Psychological resilience","level":2,"score":0.0},{"id":"https://openalex.org/C15744967","wikidata":"https://www.wikidata.org/wiki/Q9418","display_name":"Psychology","level":0,"score":0.0},{"id":"https://openalex.org/C29983905","wikidata":"https://www.wikidata.org/wiki/Q7445066","display_name":"Security service","level":3,"score":0.0},{"id":"https://openalex.org/C542102704","wikidata":"https://www.wikidata.org/wiki/Q183257","display_name":"Psychotherapist","level":1,"score":0.0}],"mesh":[],"locations_count":3,"locations":[{"id":"doi:10.3390/computers12110235","is_oa":true,"landing_page_url":"https://doi.org/10.3390/computers12110235","pdf_url":"https://www.mdpi.com/2073-431X/12/11/235/pdf?version=1700031764","source":{"id":"https://openalex.org/S4210228075","display_name":"Computers","issn_l":"2073-431X","issn":["2073-431X"],"is_oa":true,"is_in_doaj":true,"is_core":true,"host_organization":"https://openalex.org/P4310310987","host_organization_name":"Multidisciplinary Digital Publishing Institute","host_organization_lineage":["https://openalex.org/P4310310987"],"host_organization_lineage_names":["Multidisciplinary Digital Publishing Institute"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Computers","raw_type":"journal-article"},{"id":"pmh:oai:researchonline.gcu.ac.uk:publications/4a18e37d-2e79-4415-96eb-a045d93a6ecb","is_oa":true,"landing_page_url":"https://researchonline.gcu.ac.uk/en/publications/4a18e37d-2e79-4415-96eb-a045d93a6ecb","pdf_url":"https://researchonline.gcu.ac.uk/ws/files/81603077/81573588.pdf","source":{"id":"https://openalex.org/S4306402566","display_name":"ResearchOnline (Glasgow Caledonian University)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I195939026","host_organization_name":"Glasgow Caledonian University","host_organization_lineage":["https://openalex.org/I195939026"],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"Abdulghaffar, K, Elmrabit, N & Yousefi, M 2023, 'Enhancing web application security through automated penetration testing with multiple vulnerability scanners.', Computers, vol. 12, no. 11, 235. https://doi.org/10.3390/computers12110235","raw_type":"info:eu-repo/semantics/publishedVersion"},{"id":"pmh:oai:doaj.org/article:be70045f004840198bfc3baf75a4f5fd","is_oa":true,"landing_page_url":"https://doaj.org/article/be70045f004840198bfc3baf75a4f5fd","pdf_url":null,"source":{"id":"https://openalex.org/S4306401280","display_name":"DOAJ (DOAJ: Directory of Open Access Journals)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by-sa","license_id":"https://openalex.org/licenses/cc-by-sa","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"Computers, Vol 12, Iss 11, p 235 (2023)","raw_type":"article"}],"best_oa_location":{"id":"doi:10.3390/computers12110235","is_oa":true,"landing_page_url":"https://doi.org/10.3390/computers12110235","pdf_url":"https://www.mdpi.com/2073-431X/12/11/235/pdf?version=1700031764","source":{"id":"https://openalex.org/S4210228075","display_name":"Computers","issn_l":"2073-431X","issn":["2073-431X"],"is_oa":true,"is_in_doaj":true,"is_core":true,"host_organization":"https://openalex.org/P4310310987","host_organization_name":"Multidisciplinary Digital Publishing Institute","host_organization_lineage":["https://openalex.org/P4310310987"],"host_organization_lineage_names":["Multidisciplinary Digital Publishing Institute"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Computers","raw_type":"journal-article"},"sustainable_development_goals":[{"display_name":"Peace, Justice and strong institutions","score":0.6200000047683716,"id":"https://metadata.un.org/sdg/16"}],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":true},"content_urls":{"pdf":"https://content.openalex.org/works/W4388694846.pdf"},"referenced_works_count":35,"referenced_works":["https://openalex.org/W1442778688","https://openalex.org/W1972105418","https://openalex.org/W2019454114","https://openalex.org/W2119852587","https://openalex.org/W2185917985","https://openalex.org/W2276116027","https://openalex.org/W2503115827","https://openalex.org/W2512714308","https://openalex.org/W2620487885","https://openalex.org/W2913912901","https://openalex.org/W2981252702","https://openalex.org/W3043486047","https://openalex.org/W3094463643","https://openalex.org/W3094485976","https://openalex.org/W3116842536","https://openalex.org/W3117848542","https://openalex.org/W3168881492","https://openalex.org/W3189611200","https://openalex.org/W3195612455","https://openalex.org/W3213264846","https://openalex.org/W4212937412","https://openalex.org/W4220751473","https://openalex.org/W4224304558","https://openalex.org/W4285593211","https://openalex.org/W4295036596","https://openalex.org/W4296443039","https://openalex.org/W4296991122","https://openalex.org/W4323317130","https://openalex.org/W4376273942","https://openalex.org/W4380367456","https://openalex.org/W4380682042","https://openalex.org/W4384948751","https://openalex.org/W6656937166","https://openalex.org/W6694881047","https://openalex.org/W6729315834"],"related_works":["https://openalex.org/W1883246888","https://openalex.org/W2370114625","https://openalex.org/W2947584067","https://openalex.org/W2062873522","https://openalex.org/W3118510577","https://openalex.org/W3157230915","https://openalex.org/W1756374135","https://openalex.org/W2789975780","https://openalex.org/W2007895524","https://openalex.org/W4390540899"],"abstract_inverted_index":{"Penetration":[0],"testers":[1],"have":[2],"increasingly":[3],"adopted":[4],"multiple":[5,43,140,199],"penetration":[6],"testing":[7],"scanners":[8,201],"to":[9,27,38,135,170,208],"ensure":[10],"the":[11,40,81,100,110,116,121,137,158,163,182,186],"robustness":[12],"of":[13,20,42,75,83,99,123,139],"web":[14,85,213],"applications.":[15,214],"However,":[16],"a":[17,34,50,56,67,143],"notable":[18],"limitation":[19],"many":[21],"scanning":[22,172],"techniques":[23],"is":[24,134,202],"their":[25],"susceptibility":[26],"producing":[28],"false":[29],"positives.":[30],"This":[31,130],"paper":[32],"presents":[33],"novel":[35,68],"framework":[36,54,79,117,165],"designed":[37],"automate":[39],"operation":[41],"Web":[44],"Application":[45],"Vulnerability":[46],"Scanners":[47],"(WAVS)":[48],"within":[49],"single":[51],"platform.":[52],"The":[53,78,92,154],"generates":[55],"combined":[57,159],"vulnerabilities":[58],"report":[59],"using":[60],"two":[61,84],"algorithms:":[62],"an":[63,96,205],"automation":[64],"algorithm":[65,70],"and":[66,89,108,151,177,195],"combination":[69],"that":[71,157,185],"produces":[72],"comprehensive":[73],"lists":[74],"detected":[76],"vulnerabilities.":[77],"leverages":[80],"capabilities":[82],"vulnerability":[86,145,200,210],"scanners,":[87,191],"Arachni":[88,176],"OWASP":[90,111,178],"ZAP.":[91,179],"study":[93,155,183],"begins":[94],"with":[95],"extensive":[97],"review":[98],"existing":[101],"scientific":[102],"literature,":[103],"focusing":[104],"on":[105],"open-source":[106],"WAVS":[107,141],"exploring":[109],"2021":[112],"guidelines.":[113],"Following":[114],"this,":[115],"development":[118],"phase":[119],"addresses":[120],"challenge":[122],"varying":[124],"results":[125,138,173],"obtained":[126,174],"from":[127,175],"different":[128],"WAVS.":[129],"framework\u2019s":[131],"core":[132],"objective":[133],"combine":[136],"into":[142],"consolidated":[144],"report,":[146],"ultimately":[147],"improving":[148],"detection":[149,211],"rates":[150],"overall":[152],"security.":[153],"demonstrates":[156],"outcomes":[160],"produced":[161],"by":[162],"proposed":[164],"exhibit":[166],"greater":[167],"accuracy":[168],"compared":[169],"individual":[171,190],"In":[180],"summary,":[181],"reveals":[184],"Union":[187],"List":[188],"outperforms":[189],"particularly":[192],"regarding":[193],"recall":[194],"F-measure.":[196],"Consequently,":[197],"adopting":[198],"recommended":[203],"as":[204],"effective":[206],"strategy":[207],"bolster":[209],"in":[212]},"counts_by_year":[{"year":2026,"cited_by_count":6},{"year":2025,"cited_by_count":17},{"year":2024,"cited_by_count":5}],"updated_date":"2026-05-21T06:26:12.895304","created_date":"2025-10-10T00:00:00"}