Automated versus Manual Approach of Web Application Penetration Testing

Abstract

The main aim of this work is to find and explain certain scenarios that can demonstrate the differences in automated and manual approaches for penetration testing. There are some scenarios in which manual testing works better than automatic scripts/vulnerability scanners for finding security issues in web applications. In some other scenarios, the opposite may be true. The concepts of various web application vulnerabilities have been used for testing, including OWASP1Open Web Application Security Project; online community dedicated to web security Top 10, using both manual and automatic approaches. Automation tools and scripts have been used and tested to see what could potentially go wrong if attackers exploit such vulnerabilities. Also, certain scenarios have been used which determine whether one approach is better than the other for finding/detecting security issues in web applications. Finally, the work concludes by providing results in the form of pros-and-cons of both approaches, which it realises after carrying this out. © 2020 IEEE.