Title: BreachAI : an artificial intelligence approach to enhance automated security testing of web applications
Authors: Soong, Jie Ming
Keywords: DRNTU::Engineering::Computer science and engineering
Issue Date: 2018
Abstract: Web application vulnerabilities are uncovered by using a method known as fuzzing, which consists of automatically generating and sending malicious inputs to a chosen web application. Modern-day security scanners have helped to make this process simpler by improving the execution time needed to fuzz a web application. However, there remains a possibility that a well-hidden vulnerability might be overlooked by these security scanners. Hence, we introduce a method to enhance current security scanners to minimize the number of overlooked vulnerabilities. BreachAI is a direct result of this project. BreachAI is a black-box cross-site scripting fuzzer for web applications. It works seamlessly with Zed Attack Proxy, an open-source web application scanner produced by the Open Web Application Security Project, to enhance some of its cross-site scripting features. Using a genetic algorithm and a modified version of the JavaScript grammar, BreachAI can automatically generate malicious inputs and, upon analysing the responses of the web application, constantly evolve these inputs to better detect cross-site scripting vulnerabilities in a web application. The evaluation demonstrates no false positives and higher, if not the same, vulnerability detection rates in the web applications tested as compared to Zed Attack Proxy.
Rights: Nanyang Technological University
Fulltext Permission: restricted
Fulltext Availability: With Fulltext
Appears in Collections: SCSE Student Reports (FYP/IA/PA/PI)

Files in This Item:
File: FYP Report SOONG Jie Ming.pdf
Description: Restricted Access
Size: 2.42 MB
Format: Adobe PDF


Items in DR-NTU are protected by copyright, with all rights reserved, unless otherwise indicated.