Automatic website pentesting with domain knowledge
Representational State Transfer(RESTful) API is one of the most popular specifications used by most systems nowadays. With the help of such regulation, back end systems can be easily regarded as individual services, rather than a whole heavyset of software solutions. To improve security of RESTful w...
Saved in:
| Main Author: | |
|---|---|
| Other Authors: | |
| Format: | Final Year Project |
| Language: | English |
| Published: |
Nanyang Technological University
2021
|
| Subjects: | |
| Online Access: | https://hdl.handle.net/10356/153246 |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| Institution: | Nanyang Technological University |
| Language: | English |
| id |
sg-ntu-dr.10356-153246 |
|---|---|
| record_format |
dspace |
| spelling |
sg-ntu-dr.10356-1532462021-11-17T00:54:32Z Automatic website pentesting with domain knowledge Peng, Luocheng Liu Yang School of Computer Science and Engineering yangliu@ntu.edu.sg Engineering::Computer science and engineering::Software::Software engineering Representational State Transfer(RESTful) API is one of the most popular specifications used by most systems nowadays. With the help of such regulation, back end systems can be easily regarded as individual services, rather than a whole heavyset of software solutions. To improve security of RESTful web services, API fuzzers then appear. API fuzzing tools are black box testing tools that can automatically analyze the APIs of the system and check for potential bugs and even vulnerabilities. To solve the problem that most API fuzzing tools need OpenAPI specification documentations as input and there are usually no such documentation provided by some systems, Passive Proxy API Processor(PPAP) is developed to automatically generate OpenAPI specification documentations based on user interaction with target systems. However, this paper only proposed a demo version of PPAP. There are also several improvement points on different content negotiation types support and also active proxy functions support. Bachelor of Engineering (Computer Science) 2021-11-17T00:54:32Z 2021-11-17T00:54:32Z 2021 Final Year Project (FYP) Peng, L. (2021). Automatic website pentesting with domain knowledge. Final Year Project (FYP), Nanyang Technological University, Singapore. https://hdl.handle.net/10356/153246 https://hdl.handle.net/10356/153246 en application/pdf Nanyang Technological University |
| institution |
Nanyang Technological University |
| building |
NTU Library |
| continent |
Asia |
| country |
Singapore Singapore |
| content_provider |
NTU Library |
| collection |
DR-NTU |
| language |
English |
| topic |
Engineering::Computer science and engineering::Software::Software engineering |
| spellingShingle |
Engineering::Computer science and engineering::Software::Software engineering Peng, Luocheng Automatic website pentesting with domain knowledge |
| description |
Representational State Transfer(RESTful) API is one of the most popular specifications used by most systems nowadays. With the help of such regulation, back end systems can be easily regarded as individual services, rather than a whole heavyset of software solutions. To improve security of RESTful web services, API fuzzers then appear. API fuzzing tools are black box testing tools that can automatically analyze the APIs of the system and check for potential bugs and even vulnerabilities. To solve the problem that most API fuzzing tools need OpenAPI specification documentations as input and there are usually no such documentation provided by some systems, Passive Proxy API Processor(PPAP) is developed to automatically generate OpenAPI specification documentations based on user interaction with target systems. However, this paper only proposed a demo version of PPAP. There are also several improvement points on different content negotiation types support and also active proxy functions support. |
| author2 |
Liu Yang |
| author_facet |
Liu Yang Peng, Luocheng |
| format |
Final Year Project |
| author |
Peng, Luocheng |
| author_sort |
Peng, Luocheng |
| title |
Automatic website pentesting with domain knowledge |
| title_short |
Automatic website pentesting with domain knowledge |
| title_full |
Automatic website pentesting with domain knowledge |
| title_fullStr |
Automatic website pentesting with domain knowledge |
| title_full_unstemmed |
Automatic website pentesting with domain knowledge |
| title_sort |
automatic website pentesting with domain knowledge |
| publisher |
Nanyang Technological University |
| publishDate |
2021 |
| url |
https://hdl.handle.net/10356/153246 |
| _version_ |
1718368052076085248 |