BreachAI : an artificial intelligence approach to enhance automated security testing of web applications
Web application vulnerabilities are uncovered by using a method known as fuzzing, which consists of automatically generating and sending malicious inputs to a chosen web application. Modern day security scanners have helped to make this process simpler by improving the execution time to fuzz a web a...
Main Author: | Soong, Jie Ming |
---|---|
Other Authors: | Shar Lwin Khin |
Format: | Final Year Project |
Language: | English |
Published: | 2018 |
Subjects: | DRNTU::Engineering::Computer science and engineering |
Online Access: | http://hdl.handle.net/10356/76168 |
Institution: | Nanyang Technological University |
id |
sg-ntu-dr.10356-76168 |
---|---|
record_format |
dspace |
spelling |
sg-ntu-dr.10356-761682023-03-03T20:59:21Z BreachAI : an artificial intelligence approach to enhance automated security testing of web applications Soong, Jie Ming Shar Lwin Khin School of Computer Science and Engineering DRNTU::Engineering::Computer science and engineering Web application vulnerabilities are uncovered by using a method known as fuzzing, which consists of automatically generating and sending malicious inputs to a chosen web application. Modern day security scanners have helped to make this process simpler by improving the execution time to fuzz a web application. However, therein lies a possibility that a well-hidden vulnerability might be overlooked by these security scanners. Hence, we introduce a method to enhance current security scanners to minimize the amount of overlooked vulnerabilities. BreachAI is a direct result of this project. BreachAI is a black-box Cross-site Scripting fuzzer for web applications. It will work seamlessly with Zed Attack Proxy, an open-sourced web application scanner produced by the Open Web Application Security Project, to enhance some of its Cross-site Scripting Features. Using genetic algorithm and a modified version of the JavaScript grammar, BreachAI can automatically generate malicious inputs and upon analysing the responses of the web application, constantly evolve these malicious inputs to better pick up cross-site scripting vulnerabilities in a web application. The evaluation demonstrates no false positives and higher, if not the same, vulnerability detection rates in the web applications tested as compared to Zed Attack Proxy. Bachelor of Engineering (Computer Science) 2018-11-21T15:39:59Z 2018-11-21T15:39:59Z 2018 Final Year Project (FYP) http://hdl.handle.net/10356/76168 en Nanyang Technological University 51 p. application/pdf |
institution |
Nanyang Technological University |
building |
NTU Library |
continent |
Asia |
country |
Singapore Singapore |
content_provider |
NTU Library |
collection |
DR-NTU |
language |
English |
topic |
DRNTU::Engineering::Computer science and engineering |
spellingShingle |
DRNTU::Engineering::Computer science and engineering Soong, Jie Ming BreachAI : an artificial intelligence approach to enhance automated security testing of web applications |
description |
Web application vulnerabilities are uncovered by using a method known as fuzzing, which consists of automatically generating and sending malicious inputs to a chosen web application. Modern day security scanners have helped to make this process simpler by improving the execution time to fuzz a web application. However, therein lies a possibility that a well-hidden vulnerability might be overlooked by these security scanners. Hence, we introduce a method to enhance current security scanners to minimize the amount of overlooked vulnerabilities. BreachAI is a direct result of this project. BreachAI is a black-box Cross-site Scripting fuzzer for web applications. It will work seamlessly with Zed Attack Proxy, an open-sourced web application scanner produced by the Open Web Application Security Project, to enhance some of its Cross-site Scripting Features. Using genetic algorithm and a modified version of the JavaScript grammar, BreachAI can automatically generate malicious inputs and upon analysing the responses of the web application, constantly evolve these malicious inputs to better pick up cross-site scripting vulnerabilities in a web application. The evaluation demonstrates no false positives and higher, if not the same, vulnerability detection rates in the web applications tested as compared to Zed Attack Proxy. |
author2 |
Shar Lwin Khin |
author_facet |
Shar Lwin Khin Soong, Jie Ming |
format |
Final Year Project |
author |
Soong, Jie Ming |
title |
BreachAI : an artificial intelligence approach to enhance automated security testing of web applications |
publishDate |
2018 |
url |
http://hdl.handle.net/10356/76168 |
_version_ |
1759856995324657664 |