Please use this identifier to cite or link to this item: https://hdl.handle.net/10356/153475
Title: Automatic website pen-testing with domain knowledge
Authors: Zou, Yulin
Keywords: Engineering::Computer science and engineering
Issue Date: 2021
Publisher: Nanyang Technological University
Source: Zou, Y. (2021). Automatic website pen-testing with domain knowledge. Final Year Project (FYP), Nanyang Technological University, Singapore. https://hdl.handle.net/10356/153475
Project: SCSE20-0705
Abstract: Penetration testing, also known as pen-testing, is a way of security assessment to safely exploit potential vulnerabilities on web applications. It is usually achieved manually by security expertise or automatically by a software. Compared to manual testing, automated pen-testing is much faster and more efficient since the performer doesn’t need to be an expert, people with least relevant knowledge can also operate the software. Nevertheless, automatic penetration testing has yet to be developed in detecting situational and logical risks, such as analysis on whether several less severe risks may lead to more significant vulnerability scenarios. An application programming interface, or API, is the interface that allows users to communicate with web applications. As the main object of penetration testing, research have been done on how to automatically discover the relation between different API requests, so that the software can have a systematic view of the whole web application. Most of these testing applications requires API documentation as an input to generate system-level test cases. Therefore, the completeness and accuracy of the API document largely determines the reliability of the testing results. However, we found that most of the publicly available API documents are either outdated or lack of detail. To address this problem, we presented a method to auto-generate API documents by analyzing traffic through it.
URI: https://hdl.handle.net/10356/153475
Fulltext Permission: restricted
Fulltext Availability: With Fulltext
Appears in Collections:SCSE Student Reports (FYP/IA/PA/PI)

Files in This Item:
File Description SizeFormat 
FYP Report Zou Yulin.pdf
  Restricted Access
3.01 MBAdobe PDFView/Open

Page view(s)

114
Updated on Jun 23, 2022

Download(s) 50

31
Updated on Jun 23, 2022

Google ScholarTM

Check

Items in DR-NTU are protected by copyright, with all rights reserved, unless otherwise indicated.