A COMPARATIVE EVALUATION OF COMMERCIAL AND OPEN-SOURCE DYNAMIC APPLICATION SECURITY TESTING TOOLS
Download
e222445 Term Project.pdf
Date
2026-1-09
Author
Şahin, Emre Can
This work is licensed under a Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License.
Web applications are central to daily life and are used in everything from banking and shopping to public services and healthcare. However, their increasingly complex structures make them an attractive target for cyberattacks. To protect them against these attacks, Dynamic Application Security Testing (DAST) tools are used to identify vulnerabilities in web applications. In this study, five DAST tools, selected according to specific criteria, were compared on two applications under both authenticated and unauthenticated scenarios. The identified vulnerabilities were examined according to the OWASP Top Ten 2025 categories. The results showed that authenticated scans detected more vulnerabilities, and more serious ones. This study also determined the requirements that an effective DAST tool should have and analyzed which of the selected DAST tools met these requirements. In addition, it examined which OWASP Top Ten 2025 categories each DAST tool focused on. Based on the data obtained, it was concluded that no single tool can detect all vulnerabilities, and that for comprehensive and long-term security, DAST tools should be used in conjunction with SAST and IAST methods.
Subject Keywords
Dynamic Application Security Testing (DAST), Web Application Security, OWASP Top 10, Vulnerability Detection, Authenticated Scanning, Web Vulnerability Scanners
URI
https://hdl.handle.net/11511/118341
Collections
Graduate School of Informatics, Term Project
Citation Formats
E. C. Şahin, “A COMPARATIVE EVALUATION OF COMMERCIAL AND OPEN-SOURCE DYNAMIC APPLICATION SECURITY TESTING TOOLS,” M.S. - Master Of Science Without Thesis, Middle East Technical University, 2026.