Vulnerability Assessment of Web Applications Using Popular Frameworks (Laravel, Django, React)
Abstract
In this article, we present an experimental, quantitative study of vulnerabilities in modern web applications developed with Laravel, Django, and React. A replicable laboratory was built with VirtualBox and Docker, and OWASP ZAP and Burp Suite were used to identify and validate vulnerabilities both before and after mitigations were applied. The mitigation strategy followed established secure development practices: query parameterization, input validation, HTTP header hardening, CORS control, and secure error handling. An average 67.3% reduction in risk level and the elimination of all critical findings were observed, demonstrating the effectiveness of integrating security into the SSDLC (Secure Software Development Lifecycle). The proposed protocol, aligned with OWASP Top 10 (2021), ISO/IEC 27002:2022, and NIST SP 800-53, is replicable in academic and corporate environments.
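The five mitigation classes named in the abstract are shown below as small stand-alone functions. This is an added example written for this page in Python (the language of Django); it is not code from the paper or from any of the frameworks it studies. The table, user records, header values, allowed origin, and function names are all constructed for illustration.

```python
"""Added example: the mitigation classes from the abstract (query parameterization,
input validation, HTTP header hardening, CORS control, secure error handling)
applied to a toy user-lookup endpoint. All data and names are constructed."""
import logging
import re
import sqlite3
from typing import Optional

log = logging.getLogger("app")


def make_db() -> sqlite3.Connection:
    """Constructed in-memory store with two sample users."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, role TEXT)")
    conn.executemany("INSERT INTO users (username, role) VALUES (?, ?)",
                     [("alice", "user"), ("bob", "admin")])
    return conn


# 1. Query parameterization. The 'before' form splices the value into the SQL
#    text, so the value can change the query's structure; the 'after' form binds
#    it as data, so the same input is only ever compared against the column.
def lookup_role_unsafe(conn: sqlite3.Connection, username: str) -> list:
    sql = f"SELECT username, role FROM users WHERE username = '{username}'"
    return conn.execute(sql).fetchall()


def lookup_role_safe(conn: sqlite3.Connection, username: str) -> list:
    sql = "SELECT username, role FROM users WHERE username = ?"
    return conn.execute(sql, (username,)).fetchall()


# 2. Input validation: an allowlist pattern, checked before any data access.
USERNAME_RE = re.compile(r"^[a-z0-9_]{3,32}$")


def validate_username(username: str) -> bool:
    return USERNAME_RE.fullmatch(username) is not None


# 3. HTTP header hardening: fixed security headers added to every response and
#    the version-disclosing Server header removed. Values are illustrative.
SECURITY_HEADERS = {
    "Content-Security-Policy": "default-src 'self'",
    "X-Content-Type-Options": "nosniff",
    "X-Frame-Options": "DENY",
    "Strict-Transport-Security": "max-age=31536000; includeSubDomains",
    "Referrer-Policy": "no-referrer",
}


def harden_headers(response: dict) -> dict:
    headers = dict(response.get("headers", {}))
    headers.update(SECURITY_HEADERS)
    headers.pop("Server", None)
    return {**response, "headers": headers}


# 4. CORS control: only an explicit allowlist of origins is reflected back;
#    an unknown Origin gets no Access-Control-Allow-Origin header at all.
ALLOWED_ORIGINS = frozenset({"https://app.example.test"})  # constructed value


def cors_headers(origin: Optional[str]) -> dict:
    if origin in ALLOWED_ORIGINS:
        return {"Access-Control-Allow-Origin": origin, "Vary": "Origin"}
    return {}


# 5. Secure error handling: unexpected failures are logged server-side with full
#    detail and the client receives a generic message, never a stack trace.
def handle_lookup(conn: sqlite3.Connection, username: str,
                  origin: Optional[str] = None) -> dict:
    base = {"headers": cors_headers(origin)}
    try:
        if not validate_username(username):
            return harden_headers({**base, "status": 400,
                                   "body": {"error": "invalid username"}})
        rows = lookup_role_safe(conn, username)
        if not rows:
            return harden_headers({**base, "status": 404,
                                   "body": {"error": "not found"}})
        return harden_headers({**base, "status": 200,
                               "body": {"username": rows[0][0], "role": rows[0][1]}})
    except Exception:
        log.exception("lookup failed for %r", username)
        return harden_headers({**base, "status": 500,
                               "body": {"error": "internal error"}})


if __name__ == "__main__":
    db = make_db()
    print(handle_lookup(db, "bob", origin="https://app.example.test"))
    print(handle_lookup(db, "x' OR '1'='1"))
```

The unsafe and safe lookups are kept side by side so the difference can be pinned down by a regression test: the same tautology string returns every row through the concatenated query and no rows through the parameterized one, and validation rejects it before the query is ever reached. Passing a broken connection object to `handle_lookup` exercises the error path, which returns status 500 with a generic body while the detail goes to the log.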
References
Cobalt.io. (2023). Top cybersecurity statistics for 2024. https://n9.cl/xmn1y
Docker. (2024). Docker Compose documentation. https://docs.docker.com/compose/
Doria, S. (2025). What is software security? Analysing and strengthening security efforts in organisations [Master's thesis, Åbo Akademi University].
FIRST. (2019). Common vulnerability scoring system v3.1: Specification document. https://www.first.org/cvss/
FIRST, Forum of Incident Response and Security Teams. (n.d.). CVSS v3.1 specification document. https://www.first.org/cvss/v3-1/specification-document
International Journal on Science and Technology. (2025). Cybersecurity threats in digital banking: A comprehensive analysis. International Journal on Science and Technology, 16(1). https://www.ijsat.org/papers/2025/1/2655.pdf
ISO/IEC. (2022). ISO/IEC 27002:2022: Information security controls.
Laravel. (2024). Laravel documentation. https://laravel.com/doc
Laravel. (n.d.). Configuration. https://laravel.com/docs/12.x/configuration
National Institute of Standards and Technology. (2020). Security and privacy controls for information systems and organizations. https://doi.org/10.6028/NIST.SP.800-53r5
OWASP Foundation. (2021). OWASP Top 10: 2021. https://owasp.org/Top10/
PortSwigger Ltd. (2024). Burp Suite Community Edition documentation. https://portswigger.net/burp/documentation
ResearchGate. (2025). The impact of digital transformation requirements on risk management. https://n9.cl/z33ps
Software Security Foundation. (n.d.). Security in Django. https://n9.cl/a3ave
Copyright (c) 2025 Jose Neczar Macias Mendoza, Roberto Omar Andrade Paredes, Juan Pablo Cuenca Tapia

This work is licensed under a Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License.