Neural networks based choice of tools for penetration testing of web applications

Tetskyi, Artem; Kharchenko, Vyacheslav; Uzun, Dmytro

doi:10.1109/dessert.2018.8409167

Cited by 9 publications

(4 citation statements)

References 11 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Risk assessment automation have been proposed in the form of automated penetration testing frameworks (e.g. [9], [10], [11], [12], [13], [14], [15], [16], [17], and [18]). These automated tools are excellent resources for identifying vulnerabilities.…”

Section: Risk Assessment Automationmentioning

confidence: 99%

Creating a Standardized Risk Assessment Framework Library for Healthcare Information Technology

Schmeelk

2020

Proceedings of the Annual Hawaii International Conference on System Sciences

View full text Add to dashboard Cite

Data breaches are occurring at an unprecedented rate.In February 2019 alone, over a million individuals were reported to the United States government as having been involved in a breach of their medical data by healthcare entities. Although many organizations have some policies, procedures and risk management components in place, few (if any) organizations are centrally connecting legal requirements, penetration tests, policies and procedures into a standardized and consistent methodology for further analysis and auditing. This research produces a new open source risk management standardized library coordinating the aforementioned risk management components. The new library is applied to an open source vulnerable web-application example to emphasize the benefits from the adoption of such a public standardized risk assessment library.

show abstract

Section: Risk Assessment Automationmentioning

confidence: 99%

Creating a Standardized Risk Assessment Framework Library for Healthcare Information Technology

Schmeelk

2020

Proceedings of the Annual Hawaii International Conference on System Sciences

View full text Add to dashboard Cite

show abstract

“…Overall, a total number of eleven test-beds and six web application security scanners were chosen to be evaluated in this quantitative analysis using the measurement metrics of false positives, false negatives, redundant tests, and true negative, as previously practised by [9]. These test-beds and web application security scanners were chosen based on criteria of [25] that they are easy to use and install; they are ubiquitous; they are free or not too expensive; they support cross-site scripting vulnerability, and they are well-documented. A simple reason that testbeds, which are the vulnerable web application, were used to benchmark the web application security scanner's quality was to prevent the committing of cybercrime as in the web application security scanner might harms a web application security through the active scanning, which involves writing of attack payloads into the web application attack vectors and database.…”

Section: Preparationmentioning

confidence: 99%

The Preparation of Cross-site Scripting in Automated Web Application Vulnerability Assessment: The Quantitative Analysis

Seng¹

2019

IJATCSE

View full text Add to dashboard Cite

Nowadays, practitioners have automated web application vulnerability assessment to speed up the testing life-cycle. Although this area of research had been widely studied worldwide for decades, however, existing studies show present state-of-the-art of automated web application vulnerability assessment still suffer from limitations of false alarms, which including both false positive and false negative. Therefore, this paper extends present research works by quantitatively analysing the web application security scanners' quality. The objective is to investigate present state-of-the-art performance in cross-site scripting detection for witnessing the decades of evolution. This paper achieves desired goal using the experimental research method, which the paper had quantitatively analysed six web application security scanner's performance for clarifying these scanners' capability in detecting the crosssite scripting. The experiment result shows present state-ofthe-art still suffer from limitations of false positive, false negative and redundant test results.

show abstract

“…The goal of the paper is to describe the process of creating a neural network based Web service for choosing tools of penetration testing of Web applications. This paper is based on [11], in which prerequisites for creating a Web service for choosing penetration tools were described. Also, it discusses issues related to the implementation of neural network logic on the Web server side.…”

Section: Introductionmentioning

confidence: 99%

Architecture and Model of Neural Network Based Service for Choice of the Penetration Testing Tools

Tetskyi¹,

Kharchenko²,

Uzun³

et al. 2021

IJC

Self Cite

View full text Add to dashboard Cite

During penetration testing of web applications, different tools are actively used to relieve the tester from repeating monotonous operations. The difficulty of the choice is in the fact that there are tools with similar functionality, and it is hard to define which tool is best to choose for a particular case. In this paper, a solution of the problem with making a choice by creating a Web service that will use a neural network on the server side is proposed. The neural network is trained on data obtained from experts in the field of penetration testing. A trained neural network will be able to select tools in accordance with specified requirements. Examples of the operation of a neural network trained on a small sample of data are shown. The effect of the number of neural network learning epochs on the results of work is shown. An example of input data is given, in which the neural network could not select the tool due to insufficient data for training. The advantages of the method shown are the simplicity of implementation (the number of lines of code is used as a metric) and the possibility of using opinions about tools from various experts. The disadvantages include the search for data for training, the need for experimental selection of the parameters of the neural network and the possibility of situations where the neural network will not be able to select tool that meets the specified requirements.

show abstract

Neural networks based choice of tools for penetration testing of web applications

Cited by 9 publications

References 11 publications

Creating a Standardized Risk Assessment Framework Library for Healthcare Information Technology

Creating a Standardized Risk Assessment Framework Library for Healthcare Information Technology

The Preparation of Cross-site Scripting in Automated Web Application Vulnerability Assessment: The Quantitative Analysis

Architecture and Model of Neural Network Based Service for Choice of the Penetration Testing Tools

Contact Info

Product

Resources

About