JOURNAL OF APPLIED INFORMATICS AND COMPUTING
Vol. 9 No. 6 (2025): December 2025

Comparative Analysis of Penetration Testing Frameworks: OWASP, PTES, and NIST SP 800-115 for Detecting Web Application Vulnerabilities

Imtias, Muhamad Bunan
Umam, Khothibul
Mustofa, Hery
Subowo, Moh Hadi



Article Info

Publish Date
09 Dec 2025

Abstract

Web application security faces increasingly complex challenges as digital architectures evolve, necessitating the selection of appropriate and effective penetration testing methods. This study presents a comparative analysis of the OWASP Testing Guide, PTES, and NIST SP 800-115 frameworks in detecting web application vulnerabilities. Through experiments on DVWA and OWASP Juice Shop, the frameworks were evaluated based on detection speed, vulnerability count, and severity. The results highlight a clear trade-off: OWASP proved the most efficient (85 minutes average, 59 total vulnerabilities), making it ideal for rapid assessments. PTES demonstrated the most comprehensive technical depth (63 vulnerabilities, highest severity) but required the most time, while NIST SP 800-115 (49 vulnerabilities) excelled in compliance and risk management integration. The study recommends selecting OWASP for efficiency, PTES for deep technical audits, and NIST for regulatory alignment.

Copyrights © 2025






Journal Info

Abbrev

JAIC

Publisher

Subject

Computer Science & IT

Description

Journal of Applied Informatics and Computing (JAIC) Volume 2, Number 1, July 2018. Contains papers drawn from research results in the field of Informatics Technology and Applied Computing, with e-ISSN: 2548-9828. There are 3 articles that have been substantially reviewed by the editorial team and ...