Using a web vulnerability scanner to find and patch security vulnerabilities in a selection of web applications
2025 (English). Independent thesis, basic level (university diploma), 10 credits / 15 HE credits
Student thesis
Abstract [en]
Web applications are of critical importance in today's digital landscape, so their security matters equally to the users and the owners of these applications. However, the increasing complexity and variety of technologies used to build web applications, combined with the diverse threats posed by cyber attacks, make identifying and addressing vulnerabilities a challenging task. This study examines the use of OWASP ZAP, a web vulnerability scanner, for this purpose on three different applications hosted locally.
This is done using a systematic approach in which vulnerabilities are identified through scans and analyzed for impact and risk, after which they are addressed through targeted patches. During the patching process, the applications are re-scanned to verify the effectiveness of the implemented fixes (and the disappearance of the corresponding alerts). The process highlights recurring vulnerabilities that are common across the three investigated applications, including well-known web application vulnerabilities such as cross-site scripting (XSS), SQL injection and insecure configurations.
The findings demonstrate the usefulness of web vulnerability scanners for streamlining the detection and patching of security risks in modern applications. The study also emphasizes the importance of secure coding practices, robust configurations and not treating security as an afterthought. It presents actionable recommendations that give developers practical insight into using automated scanning tools as a routine part of their workflow, contributing to stronger web application security.
Place, publisher, year, edition, pages
2025, p. 50
Keywords [en]
OWASP, web vulnerability scanner, ZAP, web application security
National Category
Software Engineering
Identifiers
URN: urn:nbn:se:bth-27391
OAI: oai:DiVA.org:bth-27391
DiVA, id: diva2:1935259
Subject / course
PA1438 Självständigt arbete Webbprogrammering
Educational program
PAGWG Webbprogrammering
Supervisors
Examiners
2025-02-07, 2025-02-06, 2025-09-30. Bibliographically approved