RAT: Reinforcement-Learning-Driven and Adaptive Testing for Vulnerability Discovery in Web Application Firewalls

Amouei, Mohammadhossein; Rezvani, Mohsen; Fateh, Mansoor

doi:10.1109/tdsc.2021.3095417

Cited by 13 publications

(7 citation statements)

References 33 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Firmaster [76], Gail-PT [79], HILTI [82], IoTFuzzer [83], JCOMIX [84], LAID [85], Link [86], Lore [87], Mace [89], MaliceScript [92], Masat [93], Mirage [94], Mitch [95], MoScan [96], NAUTILUS [97], NAVEX [98], No Name (CSRF) [101], No Name (TTCN-3) [102], NodeXP [104], OSV [107], ObjectMap [105], Owfuzz [108], PJCT [115], PURITY [117], PentestGPT [113], PhpSAFE [114], Project Achilles [116], Pyciuti [118], RAT [119], ROSploit [123], RT-RCT [124], Revealer [120], RiscyROP [121], Robin [122], SOA-Scanner [130], SVED [133], Scanner++ [125], SerialDetector [127], ShoVAT [128], Snout [129], Spicy [131], SuperEye [132], TChecker [135], TORPEDO [136], UE Security Reloaded [137], VAPE-BRIDGE…”

Section: Discussionmentioning

confidence: 99%

“…No Name (TTCN-3) [102], NodeXP [104], OSV [107], ObjectMap [105], Owfuzz [108], PURITY [117], PenQuest [112], PentestGPT [113], PhpSAFE [114], Pyciuti [118], Pyciuti [118], RAT [119], ROSploit [123], RT-RCT [124], RT-RCT [124], Revealer [120], RiscyROP [121], Robin [122], SOA-Scanner [130], SVED [133], Scan-ner++ [125], SerialDetector [127], ShoVAT [128], ShoVAT [128], Snout [129], Snout [129], Spicy [131], Spicy [131], SuperEye [132], TAMELESS [134], TChecker [135], TORPEDO [136], UE Security Reloaded [137], VAPE-BRIDGE [139], VERA [140], VUDDY [141], VulCNN [143], VulDeePecker [144], VulPecker [147], Vulcan [142], Vulnet [145], Vulnsloit [146], WAPTT [148], WebFuzz [149], WebVIM [150] Resource Development ...…”

Section: Reconnaissancementioning

confidence: 99%

See 1 more Smart Citation

Bridging the Gap: A Survey and Classification of Research-Informed Ethical Hacking Tools

Modesti,

Golightly,

Holmes

et al. 2024

JCP

View full text Add to dashboard Cite

The majority of Ethical Hacking (EH) tools utilised in penetration testing are developed by practitioners within the industry or underground communities. Similarly, academic researchers have also contributed to developing security tools. However, there appears to be limited awareness among practitioners of academic contributions in this domain, creating a significant gap between industry and academia’s contributions to EH tools. This research paper aims to survey the current state of EH academic research, primarily focusing on research-informed security tools. We categorise these tools into process-based frameworks (such as PTES and Mitre ATT&CK) and knowledge-based frameworks (such as CyBOK and ACM CCS). This classification provides a comprehensive overview of novel, research-informed tools, considering their functionality and application areas. The analysis covers licensing, release dates, source code availability, development activity, and peer review status, providing valuable insights into the current state of research in this field.

show abstract

Section: Discussionmentioning

confidence: 99%

Section: Reconnaissancementioning

confidence: 99%

Bridging the Gap: A Survey and Classification of Research-Informed Ethical Hacking Tools

Modesti,

Golightly,

Holmes

et al. 2024

JCP

View full text Add to dashboard Cite

show abstract

“…Injection adalah serangan di mana penyerang menyuntikkan suatu input berbahaya ke aplikasi web. Biasanya karena kurangnya keterampilan pemrograman dalam kueri aplikasi menginterpretasikan input sebagai bagian dari perintah atau kueri, yang dapat mengakibatkan kerusakan parah [10]. Dalam penelitian ini, pengujian dilakukan pada serangan SQL injection.…”

Section: Injectionunclassified

Effectiveness of Security Through Obscurity Methods to Avoid Web Application Vulnerability Scanners

Kurniawan,

Ramli

2023

J. Tek. Inform. (JUTIF)

View full text Add to dashboard Cite

The concept of security through obscurity is not recommended by the National Institute of Standards and Technology (NIST) as a form of system security. Basically this concept hides assets as difficult as possible so that it is not easy for attackers to find them, so that it can be used to avoid vulnerability scanner applications that are widely used by attackers to find out web system weaknesses. This research was conducted by modifying the web application firewall (WAF) and testing using the SQLMap and OWASP Zed Attack Proxy (ZAP) vulnerability scanner applications. The results of the study show that SQLMap takes up to 1238 times longer to complete a scan on a modified web application firewall than without modification, while OWASP ZAP cannot complete a scan on the same treatment. Thus the concept of security through obscurity can be applied to web security to extend vulnerability scanning time.

show abstract

“…Web application services are increasing year by year across various applications in our lives, making them the main targets of attackers. In this context, a large number of Web security vulnerabilities have posed significant challenges to network security [1,2]. SQL Injection Attack (SQLIA) is a type of Web application attack [3,4].…”

Section: Introductionmentioning

confidence: 99%

SDSIOT: An SQL Injection Attack Detection and Stage Identification Method Based on Outbound Traffic

Guo

Chao-hui

et al. 2023

Electronics

View full text Add to dashboard Cite

An SQL Injection Attack (SQLIA) is a major cyber security threat to Web services, and its different stages can cause different levels of damage to an information system. Attackers can construct complex and diverse SQLIA statements, which often cause most existing inbound-based detection methods to have a high false-negative rate when facing deformed or unknown SQLIA statements. Although some existing works have analyzed different features for the stages of SQLIA from the perspectives of attackers, they primarily focus on stage analysis rather than different stages’ identification. To detect SQLIA and identify its stages, we analyze the outbound traffic from the Web server and find that it can differentiate between SQLIA traffic and normal traffic, and the outbound traffic generated during the two stages of SQLIA exhibits distinct characteristics. By employing 13 features extracted from outbound traffic, we propose an SQLIA detection and stage identification method based on outbound traffic (SDSIOT), which is a two-phase method that detects SQLIAs in Phase I and identifies their stages in Phase II. Importantly, it does not need to analyze the complex and diverse malicious statements made by attackers. The experimental results show that SDSIOT achieves an accuracy of 98.57% for SQLIA detection and 94.01% for SQLIA stage identification. Notably, the accuracy of SDSIOT’s SQLIA detection is 8.22 percentage points higher than that of ModSecurity.

show abstract

RAT: Reinforcement-Learning-Driven and Adaptive Testing for Vulnerability Discovery in Web Application Firewalls

Cited by 13 publications

References 33 publications

Bridging the Gap: A Survey and Classification of Research-Informed Ethical Hacking Tools

Bridging the Gap: A Survey and Classification of Research-Informed Ethical Hacking Tools

Effectiveness of Security Through Obscurity Methods to Avoid Web Application Vulnerability Scanners

SDSIOT: An SQL Injection Attack Detection and Stage Identification Method Based on Outbound Traffic

Contact Info

Product

Resources

About