Please use this identifier to cite or link to this item: https://hdl.handle.net/10356/147998
Title: An automated RESTful multi-API security vulnerability testing tool
Authors: Lee, Chong Yu
Keywords: Engineering::Computer science and engineering
Issue Date: 2021
Publisher: Nanyang Technological University
Source: Lee, C. Y. (2021). An automated RESTful multi-API security vulnerability testing tool. Final Year Project (FYP), Nanyang Technological University, Singapore. https://hdl.handle.net/10356/147998
Abstract: Web security has been a concern given how often people access web applications, be it for work or leisure. Users do not understand that there could be underlying security vulnerabilities that could jeopardize their privacy. However, even web application developers overlook these issues themselves due to time constraints and a lack of expertise in software security. Also, locating vulnerabilities is not an easy task for security experts. When such issues are not fixed, they pose risks to service and data. As such, there is a need for an automated tool that can assist those who lack expertise in the security domain to detect software bugs and security vulnerabilities efficiently, and increase the efficiency of security experts in escalating vulnerabilities in web applications. In this project, the focus is to explore the security vulnerabilities in RESTful web applications, design part of a current software testing tool to incorporate security methodologies, and create an extension to the tool. For phase 1, we explored different API security vulnerabilities to design an API input generation methodology with security payloads, which is incorporated into the software testing tool to test on 22 real-world targets and compared with other similar tools. We then discuss the outcome of the tests and the redesign of the JSON parser to improve the performance of the tool. For phase 2, a tree traversal algorithm is designed to execute specific sequences and check for vulnerabilities triggered in multi-API calls.
URI: https://hdl.handle.net/10356/147998
Fulltext Permission: restricted
Fulltext Availability: With Fulltext
Appears in Collections: SCSE Student Reports (FYP/IA/PA/PI)

Files in This Item:
File: FYP Final Report.pdf (Restricted Access)
Size: 1.8 MB
Format: Adobe PDF

Items in DR-NTU are protected by copyright, with all rights reserved, unless otherwise indicated.