ІНТЕГРАЛЬНИЙ МЕТОД ОЦІНЮВАННЯ РІВНЯ КІБЕРЗАХИЩЕНОСТІ ВЕБ- ЗАСТОСУНКІВ НА ОСНОВІ АГРЕГУВАННЯ РЕЗУЛЬТАТІВ СКАНУВАННЯ

Saved in:
Bibliographic Details
Title: ІНТЕГРАЛЬНИЙ МЕТОД ОЦІНЮВАННЯ РІВНЯ КІБЕРЗАХИЩЕНОСТІ ВЕБ- ЗАСТОСУНКІВ НА ОСНОВІ АГРЕГУВАННЯ РЕЗУЛЬТАТІВ СКАНУВАННЯ
Alternate Title: AN INTEGRATED METHOD FOR EVALUATING THE CYBERSECURITY LEVEL OF WEB APPLICATIONS BASED ON THE AGGREGATION OF SCANNING RESULTS.
Authors: Петровська, М. Г.1 kushnirenko@op.edu.ua, Кушніренко, Н. І.1, Троянський, О. В.1
Source: Informatics & Mathematical Methods in Simulation / Informatika ta Matematičnì Metodi v Modelûvannì. 2026, Vol. 16 Issue 2, p353-360. 8p.
Subjects: Penetration testing (Computer security), Risk assessment, Internet security, Web-based user interfaces
Abstract: This article discusses a method for assessing the cybersecurity of web applications, proposed as a comprehensive approach that aggregates the results of OWASP ZAP scans. The growing number of cyberattacks on web applications requires the development of effective methods for assessing their security. Modern automated scanning tools can detect a significant number of potential vulnerabilities; however, their scan results are presented as a disparate list of issues, which makes it difficult to form a comprehensive assessment of the system's security status. Furthermore, existing approaches often produce false positives, which requires additional time for manual verification. This work aims to justify the concept of an integrated method for assessing the cybersecurity level of web applications, which will allow aggregating scan results while accounting for the criticality, density, and context of vulnerabilities, and will generate a comprehensive security score. This research is based on an analysis of existing approaches to web application security (SAST, DAST, IAST, automated scanners, including OWASP ZAP) and the identification of their shortcomings. A concept for a mathematical model of integral assessment is proposed, which will include the calculation of baseline risk based on the weighted sum of vulnerabilities, accounting for vulnerability density via the indicator D, the context coefficient C, and normalization to a Security Score scale of 0-10. The feasibility of a two-level assessment model is justified: (1) calculation of the integral indicator; (2) application of additional interpretation rules--limiting the assessment in the presence of critical vulnerabilities, determining the priority of remediation, and categorical analysis (injections, authentication issues, access control violations, configuration errors). The scientific novelty lies in the justification of a comprehensive approach that proposes combining criteria of vulnerability density, usage context, the critical threshold rule, and categorical analysis to form a generalized security assessment of web applications. [ABSTRACT FROM AUTHOR]
Copyright of Informatics & Mathematical Methods in Simulation / Informatika ta Matematičnì Metodi v Modelûvannì is the property of Odessa Polytechnic University and its content may not be copied or emailed to multiple sites without the copyright holder's express written permission. Additionally, content may not be used with any artificial intelligence tools or machine learning technologies. However, users may print, download, or email articles for individual use. This abstract may be abridged. No warranty is given about the accuracy of the copy. Users should refer to the original published version of the material for the full abstract. (Copyright applies to all Abstracts.)
Database: Engineering Source
FullText Links:
  – Type: pdflink
Text:
  Availability: 0
Header DbId: egs
DbLabel: Engineering Source
An: 194964090
AccessLevel: 6
PubType: Academic Journal
PubTypeId: academicJournal
PreciseRelevancyScore: 0
IllustrationInfo
Items – Name: Title
  Label: Title
  Group: Ti
  Data: ІНТЕГРАЛЬНИЙ МЕТОД ОЦІНЮВАННЯ РІВНЯ КІБЕРЗАХИЩЕНОСТІ ВЕБ- ЗАСТОСУНКІВ НА ОСНОВІ АГРЕГУВАННЯ РЕЗУЛЬТАТІВ СКАНУВАННЯ
– Name: TitleAlt
  Label: Alternate Title
  Group: TiAlt
  Data: AN INTEGRATED METHOD FOR EVALUATING THE CYBERSECURITY LEVEL OF WEB APPLICATIONS BASED ON THE AGGREGATION OF SCANNING RESULTS.
– Name: Author
  Label: Authors
  Group: Au
  Data: <searchLink fieldCode="AR" term="%22Петровська%2C+М%2E+Г%2E%22">Петровська, М. Г.</searchLink><relatesTo>1</relatesTo><i> kushnirenko@op.edu.ua</i><br /><searchLink fieldCode="AR" term="%22Кушніренко%2C+Н%2E+І%2E%22">Кушніренко, Н. І.</searchLink><relatesTo>1</relatesTo><br /><searchLink fieldCode="AR" term="%22Троянський%2C+О%2E+В%2E%22">Троянський, О. В.</searchLink><relatesTo>1</relatesTo>
– Name: TitleSource
  Label: Source
  Group: Src
  Data: <searchLink fieldCode="JN" term="%22Informatics+%26+Mathematical+Methods+in+Simulation+%2F+Informatika+ta+Matematičnì+Metodi+v+Modelûvannì%22">Informatics & Mathematical Methods in Simulation / Informatika ta Matematičnì Metodi v Modelûvannì</searchLink>. 2026, Vol. 16 Issue 2, p353-360. 8p.
– Name: Subject
  Label: Subjects
  Group: Su
  Data: <searchLink fieldCode="DE" term="%22Penetration+testing+%28Computer+security%29%22">Penetration testing (Computer security)</searchLink><br /><searchLink fieldCode="DE" term="%22Risk+assessment%22">Risk assessment</searchLink><br /><searchLink fieldCode="DE" term="%22Internet+security%22">Internet security</searchLink><br /><searchLink fieldCode="DE" term="%22Web-based+user+interfaces%22">Web-based user interfaces</searchLink>
– Name: Abstract
  Label: Abstract
  Group: Ab
  Data: This article discusses a method for assessing the cybersecurity of web applications, proposed as a comprehensive approach that aggregates the results of OWASP ZAP scans. The growing number of cyberattacks on web applications requires the development of effective methods for assessing their security. Modern automated scanning tools can detect a significant number of potential vulnerabilities; however, their scan results are presented as a disparate list of issues, which makes it difficult to form a comprehensive assessment of the system's security status. Furthermore, existing approaches often produce false positives, which requires additional time for manual verification. This work aims to justify the concept of an integrated method for assessing the cybersecurity level of web applications, which will allow aggregating scan results while accounting for the criticality, density, and context of vulnerabilities, and will generate a comprehensive security score. This research is based on an analysis of existing approaches to web application security (SAST, DAST, IAST, automated scanners, including OWASP ZAP) and the identification of their shortcomings. A concept for a mathematical model of integral assessment is proposed, which will include the calculation of baseline risk based on the weighted sum of vulnerabilities, accounting for vulnerability density via the indicator D, the context coefficient C, and normalization to a Security Score scale of 0-10. The feasibility of a two-level assessment model is justified: (1) calculation of the integral indicator; (2) application of additional interpretation rules--limiting the assessment in the presence of critical vulnerabilities, determining the priority of remediation, and categorical analysis (injections, authentication issues, access control violations, configuration errors). The scientific novelty lies in the justification of a comprehensive approach that proposes combining criteria of vulnerability density, usage context, the critical threshold rule, and categorical analysis to form a generalized security assessment of web applications. [ABSTRACT FROM AUTHOR]
– Name: AbstractSuppliedCopyright
  Label:
  Group: Ab
  Data: <i>Copyright of Informatics & Mathematical Methods in Simulation / Informatika ta Matematičnì Metodi v Modelûvannì is the property of Odessa Polytechnic University and its content may not be copied or emailed to multiple sites without the copyright holder's express written permission. Additionally, content may not be used with any artificial intelligence tools or machine learning technologies. However, users may print, download, or email articles for individual use. This abstract may be abridged. No warranty is given about the accuracy of the copy. Users should refer to the original published version of the material for the full abstract.</i> (Copyright applies to all Abstracts.)
PLink https://search.ebscohost.com/login.aspx?direct=true&site=eds-live&db=egs&AN=194964090
RecordInfo BibRecord:
  BibEntity:
    Identifiers:
      – Type: doi
        Value: 10.15276/imms.v16.no2.353
    Languages:
      – Code: ukr
        Text: Ukrainian
    PhysicalDescription:
      Pagination:
        PageCount: 8
        StartPage: 353
    Subjects:
      – SubjectFull: Penetration testing (Computer security)
        Type: general
      – SubjectFull: Risk assessment
        Type: general
      – SubjectFull: Internet security
        Type: general
      – SubjectFull: Web-based user interfaces
        Type: general
    Titles:
      – TitleFull: ІНТЕГРАЛЬНИЙ МЕТОД ОЦІНЮВАННЯ РІВНЯ КІБЕРЗАХИЩЕНОСТІ ВЕБ- ЗАСТОСУНКІВ НА ОСНОВІ АГРЕГУВАННЯ РЕЗУЛЬТАТІВ СКАНУВАННЯ
        Type: main
  BibRelationships:
    HasContributorRelationships:
      – PersonEntity:
          Name:
            NameFull: Петровська, М. Г.
      – PersonEntity:
          Name:
            NameFull: Кушніренко, Н. І.
      – PersonEntity:
          Name:
            NameFull: Троянський, О. В.
    IsPartOfRelationships:
      – BibEntity:
          Dates:
            – D: 01
              M: 04
              Text: 2026
              Type: published
              Y: 2026
          Identifiers:
            – Type: issn-print
              Value: 22235744
          Numbering:
            – Type: volume
              Value: 16
            – Type: issue
              Value: 2
          Titles:
            – TitleFull: Informatics & Mathematical Methods in Simulation / Informatika ta Matematičnì Metodi v Modelûvannì
              Type: main
ResultId 1