Research Article

Historical Evolution of Security Testing for Web Applications

by Maxwell Francis
International Journal of Computer Applications
Foundation of Computer Science (FCS), NY, USA
Volume 186 - Number 82
Year of Publication: 2025
Authors: Maxwell Francis
DOI: 10.5120/ijca2025924757

Maxwell Francis. Historical Evolution of Security Testing for Web Applications. International Journal of Computer Applications. 186, 82 (Apr 2025), 14-17. DOI=10.5120/ijca2025924757

@article{ 10.5120/ijca2025924757,
author = { Maxwell Francis },
title = { Historical Evolution of Security Testing for Web Applications },
journal = { International Journal of Computer Applications },
issue_date = { Apr 2025 },
volume = { 186 },
number = { 82 },
month = { Apr },
year = { 2025 },
issn = { 0975-8887 },
pages = { 14-17 },
numpages = {9},
url = { https://ijcaonline.org/archives/volume186/number82/ijca-submission-historical-evolution-of-security-testing-for-web-applications/ },
doi = { 10.5120/ijca2025924757 },
publisher = {Foundation of Computer Science (FCS), NY, USA},
address = {New York, USA}
}
%0 Journal Article
%1 2025-05-01T00:23:13+05:30
%A Maxwell Francis
%T Historical Evolution of Security Testing for Web Applications
%J International Journal of Computer Applications
%@ 0975-8887
%V 186
%N 82
%P 14-17
%D 2025
%I Foundation of Computer Science (FCS), NY, USA
Abstract

Dynamic Application Security Testing (DAST) has become a core practice in modern cybersecurity, particularly for securing web applications, one of the most common modern software types. This research explores the historical evolution of web application security testing resources and publications over time. A key focus is the chronology of these works and the narrative they tell about security testing. This study fills a gap in the academic literature, as meta-analyses of technical security testing methodologies and related published works are uncommon. The only comparative work that was discovered was Doğan et al.'s 2014 'A survey on web penetration test'. That work approached the topic through a quantitative Structured Literature Review (SLR) and, although effective in answering its research questions, looked mainly at academic research trends in web security. This research expands on it by focusing instead on the historical evolution of web security outside academia. Findings indicate that the late 1990s, specifically around 1997, is where the first formal publications primarily about web security appear. Most formalised methodologies, training, groups and best practices for web application DAST formed between 2002 and 2008, with static published guides and community knowledge being the learning standard until the mid-2010s, when cyber learning and development platforms began maturing. We have plotted a chronological line of these events to better understand this evolution. The study highlights a shift from static information-sharing mediums (whether online or print) to dynamic, web-based platforms (training platforms, source-code community publications) in response to the rapidly changing security landscape.
This has improved the ability to access information from centralised locations rather than having to collate web security resources, but it has also increased the level of commercialisation, as subscriptions and courses within platforms have become an increasingly popular source of web security testing thought leadership and training. This research contributes to the academic understanding of how web application security testing has evolved over time, providing a basis for future analysis of application security testing, particularly of evolving education trends and methodologies.

References
  1. C. E. Landwehr, "History of US Government Investments in Cybersecurity Research: A Personal Perspective," in 2010 IEEE Symposium on Security and Privacy, Oakland, CA, USA, 2010.
  2. E. Dilipraj, "Hacking - Tracing the History: What Can India Do with Its Hackers?," Liberal Studies, vol. 1, no. 2, pp. 239-258, 2016.
  3. K. De Leeuw and J. Bergstra, The History of Information Security - A Comprehensive Handbook, Amsterdam: Elsevier B.V., 2007.
  4. S. Levy, Hackers: Heroes of the Computer Revolution, New York City: Anchor Press, 1984.
  5. J. Menn, Cult of the Dead Cow: How the Original Hacking Supergroup Might Just Save the World, PublicAffairs, 2019.
  6. S. Doğan, A. Betin-Can and V. Garousi, "Web application testing: A systematic literature review," Journal of Systems and Software, vol. 91, pp. 174-201, May 2014, doi: 10.1016/j.jss.2014.01.010.
  7. G. Spafford and S. Garfinkel, Web Security, Privacy & Commerce, Sebastopol: O'Reilly, 1997.
  8. J. Scambray and M. Shema, Hacking Exposed: Web Applications, New York: McGraw-Hill Osborne Media, 2002.
  9. M. Andrews and J. Whittaker, How to Break Web Software: Functional and Security Testing of Web Applications and Web Services, Boston: Addison-Wesley Professional, 2006.
  10. D. Stuttard and M. Pinto, The Web Application Hacker's Handbook: Finding and Exploiting Security Flaws, Wiley, 2007.
  11. P. Hope and B. Walther, Web Security Testing Cookbook, Sebastopol: O'Reilly Media, 2008.
  12. "CGI security: Escape newlines," Bugtraq mailing list, 5 Feb 1996. [Online]. Available: https://seclists.org/bugtraq/1996/Feb/16.
  13. The OWASP Foundation, "The OWASP Testing Project," The OWASP Foundation, Maryland, 2004.
  14. andrewwmuller, "Commit 8193439 - Create 4.2.10 Map Application Architecture (OTG-INFO-010).md," 1 Sep 2015. [Online]. Available: https://github.com/OWASP/OWASP-Testing-Guide/commit/8193439baa2359d79fc59f8084c8d3222d7abd67.
  15. The OWASP Foundation, "OWASP Web Security Testing Guide," 2020 (4.2 release). [Online]. Available: https://owasp.org/www-project-web-security-testing-guide/. [Accessed March 2025].
  16. Tryhackme Ltd, "TryHackMe Cyber Training," Tryhackme Ltd, 2018. [Online]. Available: https://tryhackme.com. [Accessed March 2025].
  17. Hack The Box Ltd, "All About Hack The Box," Hack The Box Ltd, 2017. [Online]. Available: https://www.hackthebox.com/about-us. [Accessed March 2025].
  18. Offensive Security Ltd., "Penetration Testing with Backtrack v3.2," 2010. [Online]. Available: https://theswissbay.ch/pdf/Whitepaper/Penetration%20Testing%20with%20BackTrack%20%28Lab%20Guide%29%20v3.2%20-%20Offensive%20Security.pdf. [Accessed 2025].
  19. J. Hammond, "HackThisSite," 13 October 2003. [Online]. Available: http://web.archive.org/web/20031212033008/http://www.hackthissite.org/. [Accessed March 2025].
Index Terms

Computer Science
Information Sciences

Keywords

Security Testing Methodology Web Application