Assignment 2 - Project Implementation Report

MN692 Capstone Project

Cybersecurity-Aware Website Vulnerability Scanner for Accessibility Compliance

Final Report

Sukhraj Singh (MIT234109)
Migara Nipuna Ranaweera (MIT234154)
Charvi Asodariya (MIT224715)
Harsimran Kaur (MIT230367)
Harmeet Kaur (MIT234360)

Supervisor Name: Ammara Mehmood


Industry Name: APM
Client name: Ahmed Jawad Khan
MN692 Capstone Project Report Page 2 of 51

School of IT and Engineering

Trimester 2 2024

Acknowledgement

As a team, we would like to thank Mr. Jawad Khan, whose support and
guidance were essential to our team throughout the project. His
supportive words and motivation helped us greatly to succeed in
this project.

We are also extremely grateful to our supervisor, Ms Ammara Mehmood,
for her continuous support, knowledge in the field, and feedback. Her
guidance has been instrumental in shaping the direction of this project
and ensuring its completion.

Thank you both for your unwavering support and belief in this project.

Signature of Students:

Migara

Harmeet

Charvi
Simran

Sukhraj

Cyber Security Aware Vulnerability Scanner for Accessibility Compliance



Date of Submission of Report: 29/09/2024


Table of figures

Figure 1 Web application design flowchart diagram
Figure 2 Flowchart of tool integrated in Linux
Figure 3 AWS Implementation figure
Figure 4 AWS Implementation figure
Figure 5 AWS Implementation figure
Figure 6 AWS Implementation figure
Figure 7 AWS Implementation figure
Figure 8 AWS Implementation figure
Figure 9 AWS Implementation figure
Figure 10 Ubuntu apt-get update command
Figure 11 python3 installation
Figure 12 flask flask-core installation
Figure 13 Installing Node Interpreter
Figure 14 Installing Node JS
Figure 15 Installing web scanner tool
Figure 16 Installing npm axios
Figure 17 Installing pip flask
Figure 18 Installing ZAP Proxy
Figure 19 Installing Nikto
Figure 20 Installing Nikto
Figure 21 Installing Lighthouse
Figure 22 Setting up backend app in flask
Figure 23 Setting up backend app in flask
Figure 24 HTML Coding for the web application
Figure 25 CSS code
Figure 26 Web app testing
Figure 27 Home Page of the web application
Figure 28 Scanning for vulnerabilities
Figure 29 Results of the web application
Figure 30 Accessibility scanning
Figure 31 Scan for history
Figure 32 Desktop of the Tool
Figure 33 Other supportive module in the tool
Figure 34 Home page of the scanning tool
Figure 35 Add web page window
Figure 36 Website add Completion
Figure 37 Showing the available website after adding it to the tools
Figure 38 Vulnerability scanning options window
Figure 39 Cross site scripting scan window
Figure 40 Scan results window
Figure 41 Accessibility scan window
Figure 42 Accessibility scan results
Figure 43 Python Code for buttons in home page
Figure 44 Accessibility scan window code
Figure 45 Accessibility scan window and saving log python code
Figure 46 Add website window code
Figure 47 remove website coding
Figure 48 Vulnerability scan window coding
Figure 49 Cross site scripting scan coding
Figure 50 Other vulnerability scanning results
Figure 51 Accessibility scanning window code
Figure 52 Accessibility scanning window code
Figure 53 Accessibility scanning window code

Table 1 Table of roles and responsibilities
Table 2 Weekly Plan Table
Table 3 Software requirement table


Table of Contents
Acknowledgement
Table of figures
Abstract
1. Introduction
2. Project Detailed Design
2.1 Summary of Literature Review
2.2 Objectives of the Project
2.3 Detailed Design
3. Roles and Responsibilities and Weekly Activities
4. Project Implementation and Evaluation
3.3 Implementation of Web Application and Linux based system
3.4 Testing
3.5 Results of the Project
3.6 Discussions/Analysis
4 Conclusions
References


Abstract

This project is centred on building a website vulnerability scanner that
follows cybersecurity best practices and supports accessibility for
people with disabilities. The tool performs a security assessment with
OWASP ZAP and Nikto, which identify vulnerabilities such as SQL injection
and cross-site scripting, and an accessibility assessment with Axe-core
and Lighthouse. Together these tools help ensure that web applications
not only address security issues but also conform to WCAG, the statutory
web accessibility guidelines for people with disabilities.

During the course of the project, the scanner was used in different
scenarios, and in all of them it detected both security flaws and
accessibility problems. Another advantage of the system was its ability
to present a full report integrating the findings of the security and
accessibility scans, which developers could easily understand and act
on. These reports are also very important when setting remediation
priorities and when ensuring web applications are safe and accessible to
everyone.

The project's results underline the need to consider both cybersecurity
and accessibility when designing websites. A tool that addresses both
concerns not only improves the security and usability of web
applications, but also contributes to protection and non-discrimination
in the development of the web environment. This project demonstrates the
feasibility and efficiency of combining these two essential components
into a single, effective tool that will bring value to the many
companies and organizations interested in the protection and
optimization of their online profiles.

For further scanning, and to let the user customize the results, the
tool is also built into a Linux system that uses Python, Nikto, ZAP,
Lighthouse and NMAP to scan a website for vulnerabilities and
accessibility issues and to report to the user the vulnerabilities found
and the security features that are missing.


1. Introduction

The world's evolution from a physical to a digital space has made humans
more dependent on web-based applications. Threats have evolved along
with the technology. Therefore, website security and vulnerability
assessment are required to build a safe web space. The work begins by
reviewing some of the methodologies that exist for vulnerability
assessment, including a few approaches to the identification and removal
of weaknesses in websites. This leaves space for website vulnerability
scanners to be developed to scan for vulnerabilities and assess a
website's threat level.
The reason is that website vulnerability scanning tools can serve as a
platform to scan for security threats and provide users with remedies;
scanning and crawling therefore hold an important place in web
security [1]. By implementing these remedies, security engineers can
improve the organization's security. Vulnerability Analysis and
Penetration Testing (VAPT) can be used to improve web application
security and scan for accessibility issues. It has therefore become an
essential, comprehensive way of protecting web integrity and security in
digital times. [3]

2. Project Detailed Design


2.1 Summary of Literature Review
The recent increase in the use of web applications has highlighted the
need for better cybersecurity and accessibility compliance. The
research by Andronescu et al. (2023) supports the use of tools such as
OWASP ZAP, Nikto, NMAP and Lighthouse, which help discover web
vulnerabilities such as SQL injection and cross-site scripting, as well
as accessibility issues affecting users with visual, auditory and
cognitive impairments. These tools help detect and prevent security
threats early. Moreover, accessibility compliance is very important, as
indicated by Caldwell et al. (2008), who explain how tools like Axe-core
ensure that WCAG guidelines are adhered to. Integrating all of this into
a holistic framework will enable developers to create secure and
accessible web applications, addressing security risks while catering
for inclusiveness.

2.2 Objectives of the Project

The "Cybersecurity-Aware Website Vulnerability Scanner for
Accessibility Compliance" project intends to design an all-inclusive
mechanism that helps users recognize cyber threats alongside web
accessibility issues. The system automates the identification of
security issues, including SQL injection and cross-site scripting
(XSS), and checks adherence to web accessibility standards such as WCAG,
using Python, JavaScript and various scanning tools. It also generates
in-depth reports that help organizations improve the security and
accessibility of their web applications. The scanner will be hosted
on cloud services like Amazon Web Services (AWS) or Google Cloud
Platform (GCP). To give the user more customized and more advanced
scanning, the tool also needs to be integrated into a Linux-based
system.

2.3 Detailed Design

The design of the “Cybersecurity-Aware Website Vulnerability Scanner
for Accessibility Compliance” involves creating a tool that helps users
scan websites for cybersecurity and accessibility problems. The web
platform will be developed in Python and JavaScript, will rely on
several scanning tools, and will be hosted on AWS or GCP. [2]
The Linux-based tool will be based on Ubuntu LTS 20.0, and the
technologies used are Python, Nikto and NMAP, with Glade for user
interface design.


2.3.1 Block Diagram of Web Application

Figure 1 Web application design flowchart diagram.

2.3.2 Block Diagram of Tool Integrated in Linux System


Figure 2 Flowchart of tool integrated in Linux

2.3.3 Detailed Design Explanation

Security Scan Module: OWASP ZAP and Nikto are two web scanning tools
used to identify vulnerabilities like SQL injection, cross-site
scripting, etc.
OWASP ZAP Integration: The ZAP API is used to run the scan
automatically and to retrieve the results. [6]
Nikto Integration: The scan is run via the CLI and the results are
parsed.

Accessibility Scan Module: Axe-core and Lighthouse are used to scan for
accessibility problems according to WCAG. [7]
Axe-core Integration: Performs accessibility tests with the Axe-core
tool and obtains comprehensive information about the problems.
Lighthouse Integration: Conducts an assessment of efficiency, usability,
and search engine optimization.

Reporting Module: Gathers the outcomes of all the modules and
synthesizes them into a single report that shows the security and
accessibility problems.
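One way the Reporting Module described above could merge the three tools' results into a single severity-ordered report, as an added example that is not the project's own code. It assumes the field names of ZAP's alert objects, Nikto's JSON report and axe-core's results object as shown; the sample data, the severity mapping and all function names are constructed for illustration.

```python
import json
from collections import Counter

SEVERITY_ORDER = ["high", "medium", "low", "info", "unrated"]
ZAP_RISK = {"High": "high", "Medium": "medium", "Low": "low", "Informational": "info"}
# Assumption: axe-core impact levels folded onto the same scale as ZAP risk levels.
AXE_IMPACT = {"critical": "high", "serious": "medium", "moderate": "low", "minor": "info"}

def _finding(category, tool, title, severity, location, reference=""):
    return {"category": category, "tool": tool, "title": title,
            "severity": severity, "location": location, "reference": reference}

def from_zap(alerts):
    """Normalize ZAP alerts (a list, or {"alerts": [...]}); returns (findings, skipped)."""
    alerts = alerts.get("alerts", []) if isinstance(alerts, dict) else alerts
    findings, skipped = [], 0
    for alert in alerts if isinstance(alerts, list) else []:
        if not isinstance(alert, dict) or not alert.get("alert") or not alert.get("url"):
            skipped += 1
            continue
        cwe = str(alert.get("cweid", ""))
        reference = f"CWE-{cwe}" if cwe.isdigit() and cwe != "0" else ""
        severity = ZAP_RISK.get(str(alert.get("risk")), "unrated")
        findings.append(_finding("security", "zap", alert["alert"], severity,
                                 alert["url"], reference))
    return findings, skipped

def from_nikto(report):
    """Normalize a Nikto JSON report; Nikto gives no severity, so items are 'unrated'."""
    report = report if isinstance(report, dict) else {}
    findings, skipped = [], 0
    for item in report.get("vulnerabilities") or []:
        if not isinstance(item, dict) or not item.get("msg"):
            skipped += 1
            continue
        location = str(report.get("host", "")) + str(item.get("url", ""))
        findings.append(_finding("security", "nikto", item["msg"], "unrated",
                                 location, str(item.get("id", ""))))
    return findings, skipped

def from_axe(results, page_url):
    """Normalize axe-core violations: one finding per rule, WCAG tags as reference."""
    results = results if isinstance(results, dict) else {}
    findings, skipped = [], 0
    for rule in results.get("violations") or []:
        if not isinstance(rule, dict) or not rule.get("id"):
            skipped += 1
            continue
        wcag = ", ".join(str(t) for t in rule.get("tags", []) if str(t).startswith("wcag"))
        title = f"{rule.get('help', rule['id'])} ({len(rule.get('nodes', []))} element(s))"
        severity = AXE_IMPACT.get(str(rule.get("impact")), "unrated")
        findings.append(_finding("accessibility", "axe-core", title, severity, page_url, wcag))
    return findings, skipped

def build_report(page_url, zap_json, nikto_json, axe_json):
    """Parse the three raw tool outputs and merge them into one report."""
    findings, problems = [], {}
    sources = [("zap", zap_json, from_zap), ("nikto", nikto_json, from_nikto),
               ("axe-core", axe_json, lambda data: from_axe(data, page_url))]
    for tool, raw, normalize in sources:
        try:
            data = json.loads(raw)
        except (TypeError, ValueError) as exc:
            # A scan whose output cannot be read is reported, never counted as "clean".
            problems[tool] = f"output not parseable: {type(exc).__name__}"
            continue
        found, skipped = normalize(data)
        findings.extend(found)
        if skipped:
            problems[tool] = f"{skipped} malformed record(s) skipped"
    # The same alert can be reported more than once for one URL: keep one copy.
    unique = {(f["tool"], f["title"], f["location"]): f for f in findings}
    ordered = sorted(unique.values(), key=lambda f: (
        SEVERITY_ORDER.index(f["severity"]), f["category"], f["title"]))
    summary = Counter(f"{f['category']}/{f['severity']}" for f in ordered)
    return {"target": page_url, "findings": ordered,
            "summary": dict(summary), "problems": problems}

# Constructed sample outputs (not taken from a real scan).
SAMPLE_ZAP = json.dumps([
    {"alert": "SQL Injection", "risk": "High", "url": "http://test.example/item?id=1", "cweid": "89"},
    {"alert": "SQL Injection", "risk": "High", "url": "http://test.example/item?id=1", "cweid": "89"},
    {"alert": "X-Content-Type-Options Header Missing", "risk": "Low",
     "url": "http://test.example/", "cweid": "693"},
    {"risk": "Medium"},  # malformed record: no alert name, no URL
])
SAMPLE_NIKTO = json.dumps({"host": "http://test.example", "vulnerabilities": [
    {"id": "000000", "url": "/", "msg": "The anti-clickjacking X-Frame-Options header is not present."}]})
SAMPLE_AXE = json.dumps({"violations": [
    {"id": "image-alt", "impact": "critical", "help": "Images must have alternate text",
     "tags": ["cat.text-alternatives", "wcag2a", "wcag111"], "nodes": [{}, {}]},
    {"id": "color-contrast", "impact": "serious", "help": "Elements must meet contrast thresholds",
     "tags": ["wcag2aa", "wcag143"], "nodes": [{}]}]})

if __name__ == "__main__":
    report = build_report("http://test.example/", SAMPLE_ZAP, SAMPLE_NIKTO, SAMPLE_AXE)
    for f in report["findings"]:
        print(f"[{f['severity']:<7}] {f['tool']:<8} {f['title']} {f['reference']}")
    print("problems:", report["problems"])
```

The `problems` entry matters as much as the findings: a tool whose output failed to parse shows up there instead of silently contributing zero findings to the combined report.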


3. Roles and Responsibilities and Weekly Activities


3.1 Roles and Responsibilities

| Name | Roles | Responsibilities |
|---|---|---|
| Sukhraj | Project Manager | Oversees project progress, ensures milestones are met, coordinates team activities, communicates with stakeholders. |
| Harsimran | Frontend Developer | Develops user interfaces using HTML, CSS, JavaScript, creates wireframes, integrates frontend with backend. |
| Harmeet | Accessibility Expert | Ensures website meets accessibility standards, conducts accessibility testing, provides recommendations for improvements. |
| Migara | Network Engineer | Develops the tool integrated into the Linux-based system using Python and Django, manages database schema, implements user authentication, ensures network security and performance. |
| Charvi | Security Expert | Identifies security vulnerabilities, implements security measures, conducts security testing, ensures compliance with security standards. |

Table 1 Table of roles and responsibilities

3.2 Weekly activities

Week 1: Project Kickoff

Understand what the project needs to achieve, what needs to be done and what
is expected at the end of the project. Hold meetings with the team to discuss
the project and ensure that its goals are defined and agreed on. [8]

Week 2: System Architecture

List the general and specific characteristics as well as the detailed
specifications. Confirm and source the required software and hardware.
Prepare the first set of documents defining the approach to designing
the system and its necessary features.

Week 3: Initial Design Report

Prepare and submit the first design report on the system’s characteristics and
structure. Review the goals and design with the team members.

Week 4: Implementation Begins

Start on the major features to be developed and perform initial system
integration. Give priority to developing the basic elements needed for future
expansion.

Week 5: Feature Development

Add further features to the product beyond the fundamental ones. Pay attention
to the data management procedures as well as the integration of the systems.

Week 6: Preliminary Testing

Carry out preliminary testing before release to look for problems. Take
remedial action on any issues that might hinder the proper working of
the system. [9]

Week 7: Comprehensive Testing

Carry out a series of tests for security and the methods of data capture. Solve
all the problems that may affect the stability and reliability of the system.

Week 8: System Refinement

Modify the system according to the results of the intensive testing.
Strengthen the security features and improve functionality.

Week 9: Draft Final Report

Prepare a framework of the final project report to include the design,
implementation and testing of the project. [10]

Week 10: Finalize Report

Review and finalize the project report, making sure that all documentation
is accurate and complete.

Week 11: Report Submission

Hand in the final report. Address any final requirements and confirm that the
required outputs have been produced.

Week 12: Project Presentation

Prepare and present the project and its results to the client and the
supervisor. Assess the results and explain what can be done to enhance the
project or what to do next.


3.1 Weekly Plan

Week 1
- Decide on a project topic and set specific goals.
- Hold meetings with the supervisor and project team to write and decide
on the project plan, which includes specifying the deliverables,
milestones, and scope.

Week 2
- Describe the intended features and technical requirements before
starting the system's design. [11]
- Verify and acquire the software and hardware resources required for the
project.
- Create the first documentation pertaining to the design parameters and
system requirements.

Week 3
- Finish and turn in the initial design report, which includes a description
of the features and architecture of the system.
- This report ensures that everyone in the team is aware of the goals and
design of the system, acting as a fundamental guide for the development
phase.

Week 4
- Commence the phase of system implementation, concentrating on the
development of essential features and preliminary system integration
according to the design report.
- Give top priority to assembling the essential elements that will enable
future advancements.

Week 5
- Continue developing by including new features in addition to the
essential ones.
- Determine how data will be gathered, and make sure the system is
properly integrated with all planned features.

Week 6 (Preliminary Examination)
- When implementation is almost complete, start preliminary testing to
find and fix any problems.
- As issues arise, take care of them to guarantee the system performs as
planned.

Week 7 (All-Inclusive Examination)
- Perform extensive system testing, paying particular attention to
confirming data collecting procedures and security protocols.
- To guarantee the robustness and dependability of the system, take
immediate action to resolve any problems found during this phase.

Week 8 (Improvement of System)
- Adjust the system in response to input from thorough testing.
- Strengthen security features and increase system performance
while making sure the system satisfies all necessary requirements for
functionality and standards. [12]

Week 9 (Composing the Complete Report)
- Create a draft of the project report that includes comprehensive
descriptions of the phases related to design, implementation, and testing.
- Make sure the report provides a detailed record of the development
process and results, covering every facet of the project.

Week 10 (Completing the Project Report)
- Make sure all documentation is correct and comprehensive when you
review and finish the project report.
- Verify thoroughly that all report sections are in order and that any
inconsistencies or mistakes have been fixed.

Week 11 (Submission of the Final Report)
- Send in the completed project report, taking care of any unforeseen
problems.
- Make sure every deliverable is finished and satisfies the criteria and
requirements of the project.

Week 12 (Project Delivery)
- Get the project ready and offer it to the client and supervisor.
- Examine the project's outcomes, have a conversation about them, and
consider possible changes or next actions. [13]

Table 2 Weekly Plan Table

3.4 Software Requirements

| Category | Software | Description |
|---|---|---|
| Development Environment | Python | Backend development |
| Development Environment | JavaScript | Client-side scripting |
| Development Environment | Django | High-level Python framework |
| Development Environment | PostgreSQL or MySQL | Database management |
| Development Environment | Visual Studio Code | Code editor |
| Development Environment | PyCharm | Integrated development environment for Python |
| Development Environment | Postman | API testing |
| Development Environment | Glade | User interface development |
| Development Environment | Linux | Base system to run the tool |
| Development Environment | VMware Workstation ESXI | To run the Linux system |
| Security | SSL/TLS Certificates | Secure communication |
| Security | Django Allauth | User authentication |
| Testing | Pytest | Test framework for Python |
| Testing | Selenium | Automated web testing |
| Testing | OWASP ZAP | Security testing |
| Testing | DVWMA | Test the tool |
| Accessibility | Axe Accessibility Checker | Testing accessibility issues |
| Accessibility | WAVE (Web Accessibility Evaluation Tool) | Evaluating web content accessibility [14] |

Table 3 Software requirement table

3.5 List of hardware requirements

3.5.1 Web application hardware requirements

Computing Hardware
- CPU: Multi-core processor (Intel i5, AMD Ryzen 7/9).
- GPU: High-end GPU.
- RAM: 16 GB
- Storage: SSDs with at least 500 GB capacity. [15]

Networking Equipment
- High-Speed Internet: For downloading datasets and real-time monitoring.
- Network Interface Card (NIC): High-speed (40 Mbps).

3.5.2 Tool integrated in Linux hardware requirements

Computing Hardware
- CPU: Multi-core processor (Intel i3, AMD Ryzen 5).
- RAM: 2 GB
- Storage: SSDs with at least 100 GB capacity. [15]

Networking Equipment
- Network Interface Card (NIC): High-speed (40 Mbps).


4. Project Implementation and Evaluation


3.3 Implementation of Web Application and Linux based system

Figure 3 AWS Implementation figure


Figure 4 AWS Implementation figure

Figure 5 AWS Implementation figure


Figure 6 AWS Implementation figure

Figure 7 AWS Implementation figure


Figure 8 AWS Implementation figure

Figure 9 AWS Implementation figure


Figure 10 Ubuntu apt-get update command

Figure 11 python3 installation


Figure 12 flask flask-core installation

Figure 13 Installing Node Interpreter


Figure 14 Installing Node JS

Figure 15 Installing web scanner tool


Figure 16 Installing npm axios

Figure 17 Installing pip flask

Figure 18 Installing ZAP Proxy


Figure 19 Installing Nikto

Figure 20 Installing Nikto

Figure 21 Installing Lighthouse


Figure 22 Setting up backend app in flask

Figure 23 Setting up backend app in flask


Figure 24 HTML Coding for the web application

Figure 25 CSS code


Figure 26 Web app testing

Figure 27 Home Page of the web application


Figure 28 Scanning for vulnerabilities

Figure 29 Results of the web application


Figure 30 Accessibility scanning

Figure 31 Scan for history


Figure 32 Desktop of the Tool

Figure 33 Other supportive module in the tool


Figure 34 Home page of the scanning tool

Figure 35 Add web page window


Figure 36 Website add Completion

Figure 37 Showing the available website after adding it to the tools


Figure 38 Vulnerability scanning options window

Figure 39 Cross site scripting scan window


Figure 40 Scan results window

Figure 41 Accessibility scan window


Figure 42 Accessibility scan results

Figure 43 Python Code for buttons in home page


Figure 44 Accessibility scan window code

Figure 45 Accessibility scan window and saving log python code


Figure 46 Add website window code

Figure 47 remove website coding


Figure 48 Vulnerability scan window coding

Figure 49 Cross site scripting scan coding


Figure 50 Other vulnerability scanning results

Figure 51 Accessibility scanning window code


Figure 52 Accessibility scanning window code

Figure 53 Accessibility scanning window code


3.4 Testing
When implementing a cybersecurity-aware website vulnerability scanner,
thorough testing and troubleshooting are essential to ensure that the
system functions as intended and is free of critical flaws. The process
usually starts with unit testing, where single components such as the
OWASP ZAP integration, the Nikto scan, and the accessibility checks
using Axe-core and Lighthouse are tested in isolation to check that they
function correctly. After successful unit testing comes integration
testing, which focuses on data flow and interactions throughout the
system.

Then system testing is carried out to confirm that the entire scanner
operates in a real-world situation. This step includes checking for
security weaknesses, accessibility problems, and the overall performance
of the system. This phase also involves troubleshooting to find any bugs
or inconsistencies. For instance, API failures, improper parsing of scan
results, or accessibility assessment mistakes may occur here. So every
time something is modified, it is important not only to monitor
continuously but also to retest, so that no new problems come up during
the troubleshooting process.

3.5 Results of the Project


The result of the project was a website vulnerability tool that
addresses both cybersecurity concerns and web accessibility guidelines.
It uses OWASP ZAP and Nikto to scan for risks such as SQL injection and
cross-site scripting. It also includes accessibility testing modules
based on Axe-core and Lighthouse to ensure that a website adheres to the
Web Content Accessibility Guidelines (WCAG).

During test runs in both test labs, the system proved effective at
identifying security threats and at checking web content accessibility
for people with disabilities. This dual functionality met the need by
giving developers a solution that caters for both security and
inclusiveness during web development. The final product not only
improved the security of the websites that were scanned but also made
the sites available to consumers with disabilities, making them more
accessible and legally compliant.

In addition, the reporting module of the tool compiled the results into
a single report that was very simple to read and understand, with
recommendations that could enhance both security and accessibility. In
summary, all goals set for the project have been met: we have developed
an integrated tool that can effectively support the creation of secure
and accessible web applications and is of critical value to
organizations that strive to protect their digital assets without losing
sight of making the web environment as open and available as possible.

Results of the scanner:

Results of the web application


3.6 Discussions/Analysis


The findings of the project show that the goals of the cybersecurity-aware
website vulnerability scanner were met, since both security and
accessibility testing features were successfully combined into one tool.
The system was sound at identifying security vulnerabilities using OWASP
ZAP and Nikto: during testing it invariably detected flaws such as SQL
injection and cross-site scripting. This shows that the tool is useful
for increasing the security of web applications, which is vital for
preventing cyber criminals from accessing confidential information.

Axe-core and Lighthouse accessibility reviews also made it possible to
validate web applications against the WCAG standards. Besides addressing
security issues, the tool therefore also offered a way to make websites
friendly to users with disabilities. The accessibility test outcomes
showed that the tool was efficient at flagging typical problems such as
improper use of ARIA labels and colour contrast issues.

The comprehensive reporting merged data from the security and
accessibility scans into simple, easy-to-understand reports. These
reports gave developers specific information to reason about the risks
they came across and about how to enhance accessibility. In general, the
project can be considered quite successful because it achieves both
security and accessibility at the same time, which is highly important in
contemporary web development.
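
One way the merged report described above could be produced, as an added example that is not the project's own code: it normalizes a ZAP JSON report and axe-core results onto one severity scale, counts entries that fail to parse (the "improper parsing of scan results" case from section 3.4) instead of dropping them silently, and keeps only findings at or above a threshold. The sample inputs are constructed, and the severity mapping and the `min_severity` cut-off are assumptions.

```python
import json

# Assumed common 0-3 scale: ZAP riskcode 0 (informational) to 3 (high); axe impact below.
AXE_IMPACT = {"minor": 0, "moderate": 1, "serious": 2, "critical": 3}

# Constructed sample inputs shaped like a ZAP JSON report and axe-core results.
ZAP_SAMPLE = json.dumps({"site": [{"alerts": [
    {"pluginid": "40018", "alert": "SQL Injection", "riskcode": "3",
     "instances": [{"uri": "http://test.example/item?id=1"}]},
    # X-Content-Type-Options header missing
    {"pluginid": "10021", "riskcode": "1", "instances": [{"uri": "http://test.example/"}]},
    {"pluginid": "0", "alert": "Constructed malformed alert", "riskcode": "n/a"},
]}]})
AXE_SAMPLE = json.dumps({"violations": [
    {"id": "color-contrast", "impact": "serious", "tags": ["wcag2aa", "wcag143"],
     "nodes": [{"target": ["#nav a"]}, {"target": ["p.note"]}]},
    {"id": "aria-valid-attr", "impact": "critical", "tags": ["wcag2a", "wcag412"],
     "nodes": [{"target": ["#menu"]}]},
    {"id": "region", "impact": None, "tags": ["best-practice"], "nodes": []},
]})

def from_zap(report_json):
    """Normalize ZAP alerts; count entries whose riskcode cannot be parsed."""
    out, skipped = [], 0
    for site in json.loads(report_json).get("site", []):
        for a in site.get("alerts", []):
            try:
                sev = min(max(int(a["riskcode"]), 0), 3)
            except (KeyError, TypeError, ValueError):
                skipped += 1
                continue
            out.append({"source": "zap", "rule": a.get("pluginid", "?"),
                        "severity": sev, "count": len(a.get("instances", []))})
    return out, skipped

def from_axe(results_json):
    """Normalize axe-core violations; keep WCAG tags as references."""
    out, skipped = [], 0
    for v in json.loads(results_json).get("violations", []):
        sev = AXE_IMPACT.get(v.get("impact"))
        if sev is None:
            skipped += 1
            continue
        wcag = [t for t in v.get("tags", []) if t.startswith("wcag")]
        out.append({"source": "axe", "rule": v.get("id", "?"), "severity": sev,
                    "count": len(v.get("nodes", [])), "wcag": wcag})
    return out, skipped

def merge(zap_json, axe_json, min_severity=2):
    """One report: findings at or above min_severity, most severe first."""
    zap, zap_skipped = from_zap(zap_json)
    axe, axe_skipped = from_axe(axe_json)
    kept = [f for f in zap + axe if f["severity"] >= min_severity]
    kept.sort(key=lambda f: (-f["severity"], -f["count"], f["source"]))
    return {"findings": kept, "skipped": zap_skipped + axe_skipped}
```

Reporting the `skipped` count alongside the findings makes a parser regression visible in the report itself rather than appearing as a clean scan.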

3.7 Project Innovation

Group:
Integrating the OWASP ZAP/Nikto security tests with the
Axe-core/Lighthouse accessibility tests worked very well within the team
and gave us the opportunity to develop a tool for two aspects vital to
web creation: security and accessibility. Everyone in the group was
involved in the architecture design and in the final testing to confirm
that the tool could detect the right defects and accessibility issues
across these use cases. We built a decision-delimiter function into the
reporting module, which lets developers narrow their concerns to the most
pertinent problems and makes the tool more useful in real-world
applications. The result is a collaboratively built tool that complies
with modern web development standards and provides an end-to-end security
and accessibility solution.

Individual:
Each of us brought particular skills or knowledge to the project. Sukhraj
oversaw the management of the project, making sure the focus was
maintained and work proceeded according to plan. Harsimran was
responsible for the design of the user interface and organised it so that
users with different perception abilities could easily understand it.
Harmeet connected Axe-core with Lighthouse, adapted the integration for
accessibility compliance, and gave an account of how effective it is.
Migara focused on backend implementation to include OWASP ZAP and Nikto
for effective security scanning, while Charvi, as the security
professional, tuned the scanner to best identify new-age vulnerabilities.
Altogether, these contributions allowed the creation of a broad yet
focused tool that is modular; this is complemented by the decision
delimiter, which optimizes reporting and the prioritization of criteria.

4 Conclusions

The project targets have been successfully fulfilled: a novel
cybersecurity-aware website vulnerability scanner that incorporates
security and accessibility aspects into one tool has been designed and
implemented. For security assessment the tool ties together OWASP ZAP and
Nikto, while for accessibility checks the scanner integrates Axe-core and
Lighthouse, equipping it for two fundamental aspects of web development:
security and accessibility. The tool was able to accurately identify most
of the generic security weaknesses and accessibility concerns, which
helps make web applications secure and friendly to as many users as
possible.

Consolidating the results through the decision delimiter adds further
function to the reporting module, as it enables developers to focus on
critical issues that need to be addressed. All in all, the objectives of
the work have been met by producing a scalable, dual-role application
that can be valuable for organizations that need to defend their web
applications against threats without compromising the accessibility of
the applications for people with disabilities. This project not only
solves an existing problem but also lays the basis for continuous
enhancement and development of web security and accessibility standards.

Limitations

Vulnerability Range: The scanner is currently designed to focus on
specific types of vulnerabilities. It remains inadequate against new and
more complex threats, which it would need to cover to serve its security
purpose effectively.

Real-Time Capabilities: Currently, the tool only analyses the website at
a specific point in time and is not able to monitor it constantly or even
periodically, which would be important when the website is updated
frequently.

Customization Flexibility: The accessibility evaluations are standard,
and the user cannot change check parameters to suit their requirements.

Future Work

To further enhance the tool, several improvements could be explored:

Broader Security Detection: Adding more vulnerability scanners or custom
detection rules would help address the growing variety of advanced or
sector-specific threats.
Live Monitoring: Real-time scanning and monitoring could be added so that
the tool checks both security and accessibility in real time in dynamic
or evolving contexts.
AI Integration: Applying machine learning might help increase the
accuracy of vulnerability detection and prioritize accessibility issues
according to users' activity on the visited site.
Custom Rule Creation: Keeping data secure while enabling users to decide
which of the provided options respond to particular business or legal
demands is how the tool should be tailored to businesses.
Multi-Platform Support: Extending compatibility to mobile and other
platforms would encourage an all-round approach to protection and to the
enhancement of facilities across several digital platforms.

5. References

[1] A. A. Elmarady and K. Rahouma, "Studying Cybersecurity in Civil Aviation, Including Developing
and Applying Aviation Cybersecurity Risk Assessment," in IEEE Access, vol. 9, pp. 143997-144016,
2021, doi: 10.1109/ACCESS.2021.3121230.
[2] J. Hajny, S. Ricci, E. Piesarskas, O. Levillain, L. Galletta and R. De Nicola, "Framework, Tools and
Good Practices for Cybersecurity Curricula," in IEEE Access, vol. 9, pp. 94723-94747, 2021, doi:
10.1109/ACCESS.2021.3093952.
[3] T. D. Ashley, R. Kwon, S. N. G. Gourisetti, C. Katsis, C. A. Bonebrake and P. A. Boyd, "Gamification
of Cybersecurity for Workforce Development in Critical Infrastructure," in IEEE Access, vol. 10, pp.
112487-112501, 2022, doi: 10.1109/ACCESS.2022.3216711.
[4] F. C. G. Bogaerts, N. Ivaki and J. Fonseca, "A Taxonomy for Python Vulnerabilities," in IEEE Open
Journal of the Computer Society, vol. 5, pp. 368-379, 2024, doi: 10.1109/OJCS.2024.3422686.
[5] C. Liao, W. Wang, K. Sakurada and N. Kawaguchi, "Image-Matching Based Identification of Store
Signage Using Web-Crawled Information," in IEEE Access, vol. 6, pp. 45590-45605, 2018, doi:
10.1109/ACCESS.2018.2865490.
[6] J. Bergman and O. B. Popov, "Exploring Dark Web Crawlers: A Systematic Literature Review of
Dark Web Crawlers and Their Implementation," in IEEE Access, vol. 11, pp. 35914-35933, 2023, doi:
10.1109/ACCESS.2023.3255165.

Cyber Security Aware Vulnerability Scanner for Accessibility Compliance


MN692 Capstone Project Report Page 48 of 51

[7] H. -C. Huang, Z. -K. Zhang, H. -W. Cheng and S. W. Shieh, "Web Application Security: Threats,
Countermeasures, and Pitfalls," in Computer, vol. 50, no. 6, pp. 81-85, 2017, doi:
10.1109/MC.2017.183.
[8] F. Ö. Sönmez and B. G. Kiliç, "Holistic Web Application Security Visualization for Multi-Project and
Multi-Phase Dynamic Application Security Test Results," in IEEE Access, vol. 9, pp. 25858-25884,
2021, doi: 10.1109/ACCESS.2021.3057044.
[9] M. F. Hyder and M. A. Ismail, "Securing Control and Data Planes From Reconnaissance Attacks
Using Distributed Shadow Controllers, Reactive and Proactive Approaches," in IEEE Access, vol. 9, pp.
21881-21894, 2021, doi: 10.1109/ACCESS.2021.3055577.
[10] J. Viega, G. McGraw, T. Mutdosch and E. W. Felten, "Statically Scanning Java Code: Finding
Security Vulnerabilities," in IEEE Software, vol. 17, no. 5, pp. 68-74, Sept.-Oct. 2000, doi:
10.1109/52.877869.
[11] J. Diamant, "Resilient Security Architecture: A Complementary Approach to Reducing
Vulnerabilities," in IEEE Security & Privacy, vol. 9, no. 4, pp. 80-84, July-Aug. 2011, doi:
10.1109/MSP.2011.88.
[12] S. Rai, P. Kumar, K. N. Shetty, M. Geetha and B. Giridhar, "WBIN-Tree: A Single Scan Based
Complete, Compact and Abstract Tree for Discovering Rare and Frequent Itemset Using Parallel
Technique," in IEEE Access, vol. 12, pp. 6281-6297, 2024, doi: 10.1109/ACCESS.2024.3350737.
[13] J. Doe, "List of Hardware for High-Performance Computing Proposal," in Proposal for the 2022
International Conference on Computing and Hardware Systems (ICCHS), San Francisco, CA, USA, 10–
12 August 2022, pp. 45–50. [Online]. Available: Google Scholar, CrossRef.
[14] H. M. Chen, S. Y. Liu, and W. K. Huang, "Improving Network Security with Intrusion Detection
Systems," in Proceedings of the 2020 International Conference on Network and Information Systems
Security (NISS), Tokyo, Japan, 15–17 April 2020, pp. 150–155. [Online]. Available: Google Scholar,
CrossRef.
[15] K. R. Gupta and M. S. Singh, "A Comparative Study on Machine Learning Algorithms for Spam
Detection," in Proceedings of the 2019 International Conference on Data Science and Advanced
Analytics (DSAA), Miami, FL, USA, 5–7 October 2019, pp. 300–305. [Online]. Available: Google
Scholar, CrossRef.

[16] Andronescu, A.-D., Brăslaşu, I.-I., & Năstac, D.-I. (2023). Vulnerability Scanner: Web-based
Security Testing. International Conference on Cybersecurity and Cybercrime, 10, 43–48.
DOI:10.19107/CYBERCON.2023.05
[17] Caldwell, B., Cooper, M., Reid, L. G., & Vanderheiden, G. (2008). Web Content Accessibility
Guidelines (WCAG) 2.0. W3C.

Cyber Security Aware Vulnerability Scanner for Accessibility Compliance


MN692 Capstone Project Report Page 49 of 51

6. Appendix

Appendix I: Client and supervisor log book

Client Meeting Logbook

| Week | Date | Time | Mode of Meeting | Attendees | Absentees | Minute Taker Name | Agenda of the Meeting | Discussion | Action |
|---|---|---|---|---|---|---|---|---|---|
| 3 | 31 July | 6:30 PM | Virtual | Sukhraj, Harsimran, Harmeet, Charvi, Migara | None | Sukhraj | Initial Design Report Submission | Review and discuss the first design report | Improve design based on feedback |
| 5 | 14 August | 6:30 PM | Virtual | Sukhraj, Harsimran, Harmeet, Charvi, Migara | None | Migara | Feature Development Review | Discuss development of additional features | Set deadlines for feature completion |
| 7 | 28 August | 6:30 PM | Virtual | Sukhraj, Harsimran, Harmeet, Charvi, Migara | None | Sukhraj | Comprehensive Testing and Quality Assurance | Discuss outcomes of comprehensive tests and improvements | Address critical issues identified |
| 9 | 11 September | 6:30 PM | Virtual | Sukhraj, Harsimran, Harmeet, Charvi, Migara | None | Sukhraj | Draft Final Report Review | Review the structure of the final project report | Collect final inputs for the report |

1.1.1 Supervisor Meeting Logbook

| Week | Date | Time | Mode of Meeting | Attendees | Absentees | Minute Taker Name | Agenda of the Meeting | Discussion | Action |
|---|---|---|---|---|---|---|---|---|---|
| 1 | 17 July | 11:00 AM | In-Person | Sukhraj, Harsimran, Harmeet, Migara, Charvi | Migara | Sukhraj | Project Kickoff Discussion | Discuss project goals | Confirm objectives |
| 2 | 24 July | 11:00 AM | In-Person | Sukhraj, Harsimran, Harmeet, Migara, Charvi | None | Sukhraj | System Architecture Review | Review requirements | Finalize documentation |
| 3 | 31 July | 11:00 AM | In-Person | Sukhraj, Harsimran, Harmeet, Migara, Charvi | None | Sukhraj | Initial Design Report Feedback | Discuss design details | Update design |
| 4 | 7 August | 11:00 AM | In-Person | Sukhraj, Harsimran, Harmeet, Migara, Charvi | None | Sukhraj | Implementation Plan Overview | Plan for major features | Confirm timelines |
| 5 | 14 August | 11:00 AM | In-Person | Sukhraj, Harsimran, Harmeet, Migara | Charvi | Sukhraj | Feature Development Update | Check feature progress | Solve implementation issues |
| 6 | 21 August | 11:00 AM | In-Person | Sukhraj, Harsimran, Harmeet, Migara | Charvi | Sukhraj | Preliminary Testing Results Discussion | Review testing outcomes | Prepare for more testing |
| 7 | 28 August | 11:00 AM | In-Person | Sukhraj, Harsimran, Harmeet, Migara, Charvi | None | Sukhraj | Comprehensive Testing Strategy | Discuss testing methods | Fix identified problems |
| 8 | 4 September | 11:00 AM | In-Person | Sukhraj, Harsimran, Harmeet, Migara, Charvi | None | Sukhraj | System Refinement Planning | Review changes needed | Improve security features |
| 9 | 11 September | 11:00 AM | In-Person | Sukhraj, Harsimran, Harmeet, Migara, Charvi | None | Sukhraj | Draft Final Report Outline Discussion | Outline final report | Collect final inputs |
| 10 | 18 September | 11:00 AM | In-Person | Sukhraj, Harsimran, Harmeet, Migara, Charvi | None | Sukhraj | Final Report Review | Check report accuracy | Make final adjustments |
| 11 | 25 September | 11:00 AM | In-Person | Sukhraj, Harsimran, Harmeet, Migara, Charvi | None | Sukhraj | Project Presentation Preparation | Prepare for presentation | Finalize materials |
