An approach to website vulnerability detection based on static and dynamic analysis
This paper proposes an approach to automated website vulnerability detection based on the combination of static and dynamic analysis within a modular scanner architecture. The motivation for this study arises from the growing number of parameterized URLs in modern web applications and, as a conseque...
Gespeichert in:
| Datum: | 2026 |
|---|---|
| Hauptverfasser: | , |
| Format: | Artikel |
| Sprache: | Ukrainisch |
| Veröffentlicht: |
PROBLEMS IN PROGRAMMING
2026
|
| Schlagworte: | |
| Online Zugang: | https://pp.isofts.kiev.ua/index.php/ojs1/article/view/875 |
| Tags: |
Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
|
| Назва журналу: | Problems in programming |
| Завантажити файл: |  |
Institution
Problems in programming| Zusammenfassung: | This paper proposes an approach to automated website vulnerability detection based on the combination of static and dynamic analysis within a modular scanner architecture. The motivation for this study arises from the growing number of parameterized URLs in modern web applications and, as a consequence, redundant crawling and the high cost of multi-variant testing under limited time and resource budgets in DevSecOps/CI/CD scenarios. The proposed approach is built on a two-stage pipeline: preliminary static analysis of a web resource, which includes sitemap construction by a crawler with depth control, extraction of endpoints, parameters, and input forms, as well as URL template normalization through the generalization of dynamic identifiers; and dynamic vulnerability testing for a normalized set of test points with parallel execution of isolated checks and aggregation of results into machine-readable formats. Quality and performance evaluation metrics are proposed, including precision/recall, the request reduction ratio, and throughput, which enable quantitative assessment of the impact of preliminary normalization and the efficiency of multithreaded processing. The implementation is realized as a Java-based CLI utility with a plugin-based testing model, facilitating extensibility for new vulnerability classes without modification of the core system. Experimental validation was conducted using benchmark vulnerable applications OWASP Juice Shop and OWASP WebGoat, as well as proprietary projects; the results demonstrate a significant reduction in crawler execution time and the achievement of acceptable throughput depending on deployment conditions. The obtained results confirm the effectiveness of combining static structuring of the search space with targeted dynamic checks to improve the scalability and reproducibility of web security analysis.Problems in programming 2025; 4: 41-52 |
|---|