Vulnerability Assessment and Penetration Testing of Demo Shopping Website for Understanding Top 10 OWASP -2017 Risks

Abstract

Web apps are growing increasingly popular, and their usage in the commercial area is expanding. Since they are vulnerable to carefully designed web attacks, web security research is becoming more critical. As a result, the Open Online Application Security Project (OWASP) established the OWASP Top 10 listing of the most dangerous web application security risks. This dissertation aims to develop an e-commerce demo web application (N Store) to test the OWASP Top 10 -2017 risk. After that, using four vulnerability assessment tools Burp Suite, OWASP ZAP, Skipfish, and Nikto, evaluate their efficiency using penetration manual testing. This paper also evaluates why the website code has these vulnerabilities using white-box code review testing and discusses the defence methods which can be used to protect the web application from the OWASP Top 10 -2017 vulnerabilities.