Evaluation of methodologies in web application security: A systematic literature review (#526)
Date of Conference
July 16-18, 2025
Published In
"Engineering, Artificial Intelligence, and Sustainable Technologies in service of society"
Location of Conference
Mexico
Authors
Quesquen Farroñay, Jose Alfredo
Bances Quevedo, Jhair Julio
Garces Rosendo, Eduardo Jesús
Osores Granda, Oscar Enrique
Abstract
The increasing reliance of organizations on web applications requires effective protection of sensitive data to maintain user trust. However, the diversity of methodologies for evaluating the security of these applications makes it difficult to select the most effective ones, leaving the applications exposed to vulnerabilities such as SQL injection and Cross-Site Scripting (XSS) attacks. This study aimed to analyze how static and dynamic analysis methodologies, together with automated and manual tools, contribute to identifying and mitigating these vulnerabilities. A systematic literature review, structured with the PICO technique, was carried out through searches in databases such as Scopus, yielding 1,279 initial documents. Applying a PRISMA flowchart together with the inclusion and exclusion criteria, 53 final studies were selected for analysis. The results highlight the need to develop standardized criteria that facilitate the choice of more effective methodologies for guaranteeing the security of web applications. However, a lack of consensus on optimal approaches was identified, which represents a significant challenge for security professionals. In conclusion, although promising tools and methods exist, their diversity and the absence of standardization limit their practical implementation, showing the importance of new research to close these gaps and move towards safer web environments.