
A HYBRID APPROACH TO DETECT SECURITY VULNERABILITIES IN WEB APPLICATIONS

Journal: International Journal of Computer Science and Mobile Computing - IJCSMC (Vol.11, No. 2)

Publication Date:

Authors : ; ;

Page : 89-98

Keywords : Web application security; web vulnerabilities; SQL injection; cross-site scripting (XSS); Web Vulnerability Scanners;


Abstract

The presence of security flaws allows malicious operators to exploit weaknesses in web applications. In this study, the researcher presents a novel vulnerability assessment technique that can raise vulnerability detection rates while also improving efficiency by lowering the number of false positives (test results that wrongly report the presence of a condition) and false negatives (test results that imply the absence of a condition when it is actually present). The experiment focuses on a cutting-edge tool that uses a hybrid method combining white-box and black-box testing practices. The two are not combined blindly in building the hybrid algorithm: the combination is guided by aspects such as optimization and complexity, among others, to increase effectiveness. The algorithm identifies SQL injection and XSS injection and can be used with any real application that runs on a web server, wherever the client and the database interact. Crawling and parsing to discover vulnerabilities are part of the scanning process, which is repeated until all vulnerabilities have been discovered. A prototype was built to test and validate the hybrid method. Simulation was done using a tool developed in Python, and the paper includes a comparison table and graph that compare the new scanner against two other web-based scanners.

Last modified: 2022-02-23 21:57:08