Term of Award

Spring 2023

Degree Name

Master of Science, Information Technology

Document Type and Release Option

Thesis (open access)

Copyright Statement / License for Reuse

This work is licensed under a Creative Commons Attribution 4.0 License.


Department of Information Technology

Committee Chair

Lei Chen

Committee Member 1

Chris Kadlec

Committee Member 2

Yiming Ji


It is important to protect web applications from threats that will compromise sensitive information. Web vulnerability scanners are a prominent tool for this purpose, as they can be used to find vulnerabilities in a web application so that they can be rectified. Two popular open-source tools, OWASP ZAP and Snort, were compared head-to-head. The performance metrics evaluated were SQLi attacks detected, false positives, false negatives, processing time, and memory usage. OWASP ZAP yielded fewer false positives and required less processing time. Snort used significantly fewer memory resources. The internal workings of ZAP’s Active Scan feature and Snort’s implementation of the Boyer-Moore and Aho-Corasick algorithms were identified as the main processes responsible for the results. Based on the research, a set of recommendations for future work was proposed to improve web vulnerability scanning methods.
