Viegas, Carlos Manuel Dias
Azevedo, Daniel Galvão de

2018-12-26
2021-10-06
2018-12-26
2021-10-06
2018-12-10

AZEVEDO, Daniel Galvão de. Um estudo sobre ferramentas de busca de vulnerabilidades em aplicações web. 2018. 60f. Trabalho de Conclusão de Curso (Graduação em Engenharia de Computação) - Centro de Tecnologia, Departamento de Engenharia de Computação e Automação, Universidade Federal do Rio Grande do Norte, Natal, 2018.

https://repositorio.ufrn.br/handle/123456789/43644

With the advent of the Internet, people and businesses have become dependent on web applications. In view of this, these applications must be developed securely, since the impact of a security flaw keeps increasing as a consequence of this dependence. Linked to this, the number of hackers is also increasing rapidly. Thus, to ensure this security, methods such as good development practices and penetration testing (pentest) are used. In both cases, web vulnerability scanner tools are widely used, mainly for black-box tests. However, even these tools need to be well selected in order to achieve the expected goal. This work aims to evaluate some of the main open-source web vulnerability scanners, such as ZAP, Paros, SkipFish and Vega. These scanners were run on two intentionally vulnerable web applications, and the reports they produced were compared with the list of vulnerabilities of each application. In addition, a brief explanation of the tools and of the main vulnerabilities addressed in the practical exercises is given, and the scenarios used and the data obtained are shown. Finally, the positive and negative points of each tool are presented, along with the difficulties encountered and ideas for better results in future work.

Attribution-NonCommercial-NoDerivs 3.0 Brazil
http://creativecommons.org/licenses/by-nc-nd/3.0/br/

Information security
Vulnerability scanning tools
Web applications

A study of vulnerability scanning tools for web applications

bachelorThesis