A Mapping Study of Security Vulnerability Detection Approaches for Web Applications.
Introduction. Related works. Goal. Outline. Research Questions.
Web Application Security Vulnerabilities. Mapping Study.
Mapping study in web applications security vulnerabilities detection approaches. [Rafique et al.].
Identify, analyze, and synthesize the research published during the last twenty years in web application vulnerability detection.
Paper Selection Strategy. Publication search engines: IEEE Xplore, ACM Digital Library. Year range: 2001 - 2021. PICO: Population, Intervention, Comparison, Outcomes.
Inclusion Criteria. Research articles were based on empirical evidence related to vulnerability detection methods of web applications.
Classification Scheme and Data Extraction. Attributes: Contribution of the paper; Research type of the paper; Type of testing activity/technique; Manual versus automated approach; Static web application versus dynamic web application; Presented tools in the; Vulnerability type addressed; Publication year of citations. Research question RQ 4 RQ 9.
Paper Count. Initially retrieved: 150 papers. Mapped: 76 papers.
Results: RQ1. Types of contribution. Paper 10: [2] P. X. Mai, F. Pastore, A. Goknil and L. Briand, "Metamorphic Security Testing for Web Systems," 2020 IEEE 13th International Conference on Software Testing, Validation and Verification (ICST), 2020, pp. 186-197, doi: 10.1109/ICST46399.2020.00028.
Results: RQ2. Types of research paper.
Results: RQ3. Types of testing techniques.
Results: RQ4. 41: full automation. 11: fully manual.
Results: RQ7. Detection of security vulnerabilities from OWASP top 10.
Results: RQ8, RQ9. Paper 46: [3] J. Bau, E. Bursztein, D. Gupta and J. Mitchell, "State of the Art: Automated Black-Box Web Application Vulnerability Testing," 2010 IEEE Symposium on Security and Privacy, 2010, pp. 332-345, doi: 10.1109/SP.2010.27.
OWASP top ten vulnerability. Test oracle. Threats to the validity.
Thank You!