Vulnerability assessment of web applications - a testing approach

Cyber security is becoming an important aspect in every industry like in banking sector, power and automation sectors. Servers are critical assets in these industries where business critical sensitive data is stored. These servers often incorporates web servers in them through which any business data and operations are performed remotely. Hence, it is obvious that for a reliable operation, security of web servers is very imperative. This paper provides a new testing approach for vulnerability assessment of web applications by means of analyzing and using a combined set of tools to address a wide range of security issues. We demonstrate the vulnerability assessment tests of a web application by using combination of W3AF and Nikto tools. It shows how with a combination of tools, one can increase the vulnerability testing coverages for web applications, considering the OWASP Top 10 [1] based threat modelling of web applications.