Imtias, Muhamad Bunan
Unknown Affiliation

Published: 1 document

Comparative Analysis of Penetration Testing Frameworks: OWASP, PTES, and NIST SP 800-115 for Detecting Web Application Vulnerabilities
Imtias, Muhamad Bunan; Umam, Khothibul; Mustofa, Hery; Subowo, Moh Hadi
Journal of Applied Informatics and Computing Vol. 9 No. 6 (2025): December 2025
Publisher : Politeknik Negeri Batam

DOI: 10.30871/jaic.v9i6.9846

Abstract

Web application security faces increasingly complex challenges as digital architectures evolve, necessitating the selection of appropriate and effective penetration testing methods. This study presents a comparative analysis of the OWASP Testing Guide, PTES, and NIST SP 800-115 frameworks in detecting web application vulnerabilities. Through experiments on DVWA and OWASP Juice Shop, the frameworks were evaluated based on detection speed, vulnerability count, and severity. The results highlight a clear trade-off: OWASP proved the most efficient (85 minutes average, 59 total vulnerabilities), making it ideal for rapid assessments. PTES demonstrated the most comprehensive technical depth (63 vulnerabilities, highest severity) but required the most time, while NIST SP 800-115 (49 vulnerabilities) excelled in compliance and risk management integration. The study recommends selecting OWASP for efficiency, PTES for deep technical audits, and NIST for regulatory alignment.