COMPARATIVE STUDY OF SCANNING TOOLS APPLIED TO INSTITUTIONAL WEBSITES - CASE STUDY

Abstract

As cyber threats continue to rise, public institutional systems face greater risks and require strategies for threat detection and risk mitigation. This trend highlights the ongoing need to adopt improved techniques for identifying and mitigating vulnerabilities. One approach to automatic vulnerability detection is the use of Web Vulnerability Scanning Tools. Among the available options, open-source scanners stand out as accessible and effective alternatives for institutions seeking digital security without high implementation costs. This study compares the vulnerability scanning reports of a public university’s institutional website using three free tools—ZAP, Skipfish, and Wapiti—alongside the commercial software Burp Suite. Through this evaluation, the study aims to determine whether free vulnerability scanners can sufficiently automate the detection process in institutional web applications. In this way, it seeks to contribute to the establishment of best practices in digital security within this context.