DYNAMIC ANALYSIS TECHNIQUES FOR WEB APPLICATION VULNERABILITY DETECTION

Abstract

This paper evaluates dynamic analysis techniques for detecting vulnerabilities, focusing on a hybrid approach that combines automated scanners with manual penetration testing. Dynamic analysis, which examines an application’s behavior during runtime, reveals vulnerabilities that static methods might miss. Automated tools are efficient but often produce false positives and may overlook complex issues, while manual testing, though thorough, is time-consuming and depends on the tester's skill. Our study integrates both methods to create a comprehensive framework, demonstrating that the combined approach enhances detection accuracy and reduces false positives. Results show that manual testing identified more critical vulnerabilities compared to automated tools, and the combined approach achieved a balanced detection rate of 92.31% with a reduced false positive rate of 7.69%. Automated tools were faster, but the hybrid method improved overall effectiveness by leveraging both speed and depth. This research highlights the need for a multifaceted security assessment strategy and provides actionable insights for improving web application vulnerability detection and security practices.