Please use this identifier to cite or link to this item:
|Title:||Automatic website pen-testing with domain knowledge||Authors:||Zou, Yulin||Keywords:||Engineering::Computer science and engineering||Issue Date:||2021||Publisher:||Nanyang Technological University||Source:||Zou, Y. (2021). Automatic website pen-testing with domain knowledge. Final Year Project (FYP), Nanyang Technological University, Singapore. https://hdl.handle.net/10356/153475||Project:||SCSE20-0705||Abstract:||Penetration testing, also known as pen-testing, is a way of security assessment to safely exploit potential vulnerabilities on web applications. It is usually achieved manually by security expertise or automatically by a software. Compared to manual testing, automated pen-testing is much faster and more efficient since the performer doesn’t need to be an expert, people with least relevant knowledge can also operate the software. Nevertheless, automatic penetration testing has yet to be developed in detecting situational and logical risks, such as analysis on whether several less severe risks may lead to more significant vulnerability scenarios. An application programming interface, or API, is the interface that allows users to communicate with web applications. As the main object of penetration testing, research have been done on how to automatically discover the relation between different API requests, so that the software can have a systematic view of the whole web application. Most of these testing applications requires API documentation as an input to generate system-level test cases. Therefore, the completeness and accuracy of the API document largely determines the reliability of the testing results. However, we found that most of the publicly available API documents are either outdated or lack of detail. To address this problem, we presented a method to auto-generate API documents by analyzing traffic through it.||URI:||https://hdl.handle.net/10356/153475||Schools:||School of Computer Science and Engineering||Fulltext Permission:||restricted||Fulltext Availability:||With Fulltext|
|Appears in Collections:||SCSE Student Reports (FYP/IA/PA/PI)|
Updated on Dec 2, 2023
Updated on Dec 2, 2023
Items in DR-NTU are protected by copyright, with all rights reserved, unless otherwise indicated.