Automatic website pen-testing with domain knowledge
Penetration testing, also known as pen-testing, is a way of security assessment to safely exploit potential vulnerabilities on web applications. It is usually achieved manually by security expertise or automatically by a software. Compared to manual testing, automated pen-testing is much faster and...
Saved in:
| Main Author: | |
|---|---|
| Other Authors: | |
| Format: | Final Year Project |
| Language: | English |
| Published: |
Nanyang Technological University
2021
|
| Subjects: | |
| Online Access: | https://hdl.handle.net/10356/153475 |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| Institution: | Nanyang Technological University |
| Language: | English |
| id |
sg-ntu-dr.10356-153475 |
|---|---|
| record_format |
dspace |
| spelling |
sg-ntu-dr.10356-1534752021-12-03T02:44:22Z Automatic website pen-testing with domain knowledge Zou, Yulin Liu Yang School of Computer Science and Engineering yangliu@ntu.edu.sg Engineering::Computer science and engineering Penetration testing, also known as pen-testing, is a way of security assessment to safely exploit potential vulnerabilities on web applications. It is usually achieved manually by security expertise or automatically by a software. Compared to manual testing, automated pen-testing is much faster and more efficient since the performer doesn’t need to be an expert, people with least relevant knowledge can also operate the software. Nevertheless, automatic penetration testing has yet to be developed in detecting situational and logical risks, such as analysis on whether several less severe risks may lead to more significant vulnerability scenarios. An application programming interface, or API, is the interface that allows users to communicate with web applications. As the main object of penetration testing, research have been done on how to automatically discover the relation between different API requests, so that the software can have a systematic view of the whole web application. Most of these testing applications requires API documentation as an input to generate system-level test cases. Therefore, the completeness and accuracy of the API document largely determines the reliability of the testing results. However, we found that most of the publicly available API documents are either outdated or lack of detail. To address this problem, we presented a method to auto-generate API documents by analyzing traffic through it. Bachelor of Engineering (Computer Engineering) 2021-12-03T02:44:22Z 2021-12-03T02:44:22Z 2021 Final Year Project (FYP) Zou, Y. (2021). Automatic website pen-testing with domain knowledge. Final Year Project (FYP), Nanyang Technological University, Singapore. https://hdl.handle.net/10356/153475 https://hdl.handle.net/10356/153475 en SCSE20-0705 application/pdf Nanyang Technological University |
| institution |
Nanyang Technological University |
| building |
NTU Library |
| continent |
Asia |
| country |
Singapore Singapore |
| content_provider |
NTU Library |
| collection |
DR-NTU |
| language |
English |
| topic |
Engineering::Computer science and engineering |
| spellingShingle |
Engineering::Computer science and engineering Zou, Yulin Automatic website pen-testing with domain knowledge |
| description |
Penetration testing, also known as pen-testing, is a way of security assessment to safely exploit potential vulnerabilities on web applications. It is usually achieved manually by security expertise or automatically by a software. Compared to manual testing, automated pen-testing is much faster and more efficient since the performer doesn’t need to be an expert, people with least relevant knowledge can also operate the software. Nevertheless, automatic penetration testing has yet to be developed in detecting situational and logical risks, such as analysis on whether several less severe risks may lead to more significant vulnerability scenarios.
An application programming interface, or API, is the interface that allows users to communicate with web applications. As the main object of penetration testing, research have been done on how to automatically discover the relation between different API requests, so that the software can have a systematic view of the whole web application. Most of these testing applications requires API documentation as an input to generate system-level test cases. Therefore, the completeness and accuracy of the API document largely determines the reliability of the testing results. However, we found that most of the publicly available API documents are either outdated or lack of detail. To address this problem, we presented a method to auto-generate API documents by analyzing traffic through it. |
| author2 |
Liu Yang |
| author_facet |
Liu Yang Zou, Yulin |
| format |
Final Year Project |
| author |
Zou, Yulin |
| author_sort |
Zou, Yulin |
| title |
Automatic website pen-testing with domain knowledge |
| title_short |
Automatic website pen-testing with domain knowledge |
| title_full |
Automatic website pen-testing with domain knowledge |
| title_fullStr |
Automatic website pen-testing with domain knowledge |
| title_full_unstemmed |
Automatic website pen-testing with domain knowledge |
| title_sort |
automatic website pen-testing with domain knowledge |
| publisher |
Nanyang Technological University |
| publishDate |
2021 |
| url |
https://hdl.handle.net/10356/153475 |
| _version_ |
1718368040411725824 |