An automated RESTful multi-API security vulnerability testing tool
Web security has been a concern given how often people access web applications be it for work or leisure. Users do not understand that there could be underlying security vulnerabilities that could jeopardize their privacy. However, even web application developers overlook these issues themselves due...
Main Author: | Lee, Chong Yu |
---|---|
Other Authors: | Liu Yang |
Format: | Final Year Project |
Language: | English |
Published: | Nanyang Technological University 2021 |
Subjects: | Engineering::Computer science and engineering |
Online Access: | https://hdl.handle.net/10356/147998 |
Institution: | Nanyang Technological University |
id |
sg-ntu-dr.10356-147998 |
---|---|
record_format |
dspace |
spelling |
sg-ntu-dr.10356-147998 2021-04-22T02:39:01Z An automated RESTful multi-API security vulnerability testing tool Lee, Chong Yu Liu Yang School of Computer Science and Engineering yangliu@ntu.edu.sg Engineering::Computer science and engineering Bachelor of Engineering (Computer Science) 2021-04-22T02:39:00Z 2021-04-22T02:39:00Z 2021 Final Year Project (FYP) Lee, C. Y. (2021). An automated RESTful multi-API security vulnerability testing tool. Final Year Project (FYP), Nanyang Technological University, Singapore. https://hdl.handle.net/10356/147998 https://hdl.handle.net/10356/147998 en application/pdf Nanyang Technological University |
institution |
Nanyang Technological University |
building |
NTU Library |
continent |
Asia |
country |
Singapore |
content_provider |
NTU Library |
collection |
DR-NTU |
language |
English |
topic |
Engineering::Computer science and engineering |
description |
Web security has been a concern given how often people access web applications be it for work or leisure. Users do not understand that there could be underlying security vulnerabilities that could jeopardize their privacy. However, even web application developers overlook these issues themselves due to time constraints and lacking expertise on software security. Also, locating vulnerabilities is not an easy task for security experts. When such issues are not fixed, they pose risks to service and data. As such, there is a need for an automated tool that can assist those that lack expertise in security domain to detect software bugs and security vulnerabilities efficiently and increase the efficiency of security experts to escalate vulnerabilities in web applications.
In this project, the focus will be to explore the security vulnerabilities in RESTful web applications, designing part of a current software testing tool to incorporate security methodologies, as well as create an extension to the tool. For phase 1, we explored different API security vulnerabilities to design an API input generation methodology with security payloads, which is incorporated into the software testing tool to test on 22 real-world targets and compared with other similar tools. We then discuss the outcome of the tests and re-designing of the JSON parser to improve on the performance of the tool. For phase 2, a tree traversal algorithm is designed to execute specific sequences and check for vulnerabilities triggered in multi-API calls. |
author2 |
Liu Yang |
format |
Final Year Project |
author |
Lee, Chong Yu |
title |
An automated RESTful multi-API security vulnerability testing tool |
publisher |
Nanyang Technological University |
publishDate |
2021 |
url |
https://hdl.handle.net/10356/147998 |
_version_ |
1698713722080460800 |