Web-application Security Evaluation as a Service with Cloud Native Environment Support

Abstract

This paper describes an approach automating the vulnerability scanning and security testing with the cloud-native solution, which provides a self-contained environment that spins up the scanners and configuration settings in a single click. With the advancement of technology, it's hard to say a web application is 100% secure from vulnerabilities and attacks from the outside world. So it is a must to confirm the security of the applications. If the sensitive data, it holds leaked to the hackers or intruders, it can even harm a whole nation. There are security scanning scanners and standards introduced by the security bodies. Web security testers are consuming a considerable amount of time to do the manual testing on web application security testing because of the configurations and the environments set up is a time-consuming work. This advanced research tool is capable of running a dynamic security scan and do a dependency check as a package to identify the security loopholes without any prior knowledge on security testing. This paper presents test results and evaluation results to prove the proposed concepts.