Enhancement of automated black-box web application vulnerability assessment algorithms
Presently, the web application vulnerability assessment has been widely automated to shorten the web application penetration testing life-cycle. Unfortunately, in the testing environment of the black-box where web-based application codes are unreachable, the automation of web application vulnerabili...
Saved in:
| Main Author: | |
|---|---|
| Format: | Thesis |
| Language: | English |
| Published: |
2019
|
| Subjects: | |
| Online Access: | http://eprints.utm.my/id/eprint/96252/1/LimKahSengPSC2019.pdf.pdf |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| id |
my-utm-ep.96252 |
|---|---|
| record_format |
uketd_dc |
| spelling |
my-utm-ep.962522022-07-05T07:15:06Z Enhancement of automated black-box web application vulnerability assessment algorithms 2019 Lim, Kah Seng QA75 Electronic computers. Computer science Presently, the web application vulnerability assessment has been widely automated to shorten the web application penetration testing life-cycle. Unfortunately, in the testing environment of the black-box where web-based application codes are unreachable, the automation of web application vulnerability assessment tend to produce the false negatives. This research was conducted to enhance the present state-of-the-art automated web application vulnerability assessment and mitigate the research problems of test coverage and false negatives. In this research, three enhancements were developed to address the problems. The first enhancement involved the improvement of current web-based application reconnaissance solution, using the derived algorithms for form fills and input generation. The second enhancement improved the existing vulnerability assessment solutions by using an invented algorithm, which implemented the execution-path oriented analysis. The final enhancement improved the present vulnerability detection solution with an algorithm that detects vulnerability using a proposed execution path-oriented data flow analysis and fuzzy set theory. This research was conducted based on applied research method, which covered literature reviews, requirement analysis, and preliminary experimentation that led to the creation of the stated algorithms. In addition, a prototype automated black-box web application vulnerability assessment tool was conceived using Java programming language as well as Selenium and Crawljax frameworks. An experimentation was conducted to quantitatively benchmark the validity of the algorithm using twelve test-beds, composed of vulnerable web-based applications, and eight existing automated black-box web application vulnerability assessment tools. The experimental results showed there was an improvement of test coverage by 14.35% and a reduction of false negative by 64%. In conclusion, the enhancements made using the proposed algorithms have improved the automated web application vulnerability assessment test coverage and reduced the false negatives. 2019 Thesis http://eprints.utm.my/id/eprint/96252/ http://eprints.utm.my/id/eprint/96252/1/LimKahSengPSC2019.pdf.pdf application/pdf en public http://dms.library.utm.my:8080/vital/access/manager/Repository/vital:143092 phd doctoral Universiti Teknologi Malaysia Faculty of Engineering - School of Computing |
| institution |
Universiti Teknologi Malaysia |
| collection |
UTM Institutional Repository |
| language |
English |
| topic |
QA75 Electronic computers Computer science |
| spellingShingle |
QA75 Electronic computers Computer science Lim, Kah Seng Enhancement of automated black-box web application vulnerability assessment algorithms |
| description |
Presently, the web application vulnerability assessment has been widely automated to shorten the web application penetration testing life-cycle. Unfortunately, in the testing environment of the black-box where web-based application codes are unreachable, the automation of web application vulnerability assessment tend to produce the false negatives. This research was conducted to enhance the present state-of-the-art automated web application vulnerability assessment and mitigate the research problems of test coverage and false negatives. In this research, three enhancements were developed to address the problems. The first enhancement involved the improvement of current web-based application reconnaissance solution, using the derived algorithms for form fills and input generation. The second enhancement improved the existing vulnerability assessment solutions by using an invented algorithm, which implemented the execution-path oriented analysis. The final enhancement improved the present vulnerability detection solution with an algorithm that detects vulnerability using a proposed execution path-oriented data flow analysis and fuzzy set theory. This research was conducted based on applied research method, which covered literature reviews, requirement analysis, and preliminary experimentation that led to the creation of the stated algorithms. In addition, a prototype automated black-box web application vulnerability assessment tool was conceived using Java programming language as well as Selenium and Crawljax frameworks. An experimentation was conducted to quantitatively benchmark the validity of the algorithm using twelve test-beds, composed of vulnerable web-based applications, and eight existing automated black-box web application vulnerability assessment tools. The experimental results showed there was an improvement of test coverage by 14.35% and a reduction of false negative by 64%. In conclusion, the enhancements made using the proposed algorithms have improved the automated web application vulnerability assessment test coverage and reduced the false negatives. |
| format |
Thesis |
| qualification_name |
Doctor of Philosophy (PhD.) |
| qualification_level |
Doctorate |
| author |
Lim, Kah Seng |
| author_facet |
Lim, Kah Seng |
| author_sort |
Lim, Kah Seng |
| title |
Enhancement of automated black-box web application vulnerability assessment algorithms |
| title_short |
Enhancement of automated black-box web application vulnerability assessment algorithms |
| title_full |
Enhancement of automated black-box web application vulnerability assessment algorithms |
| title_fullStr |
Enhancement of automated black-box web application vulnerability assessment algorithms |
| title_full_unstemmed |
Enhancement of automated black-box web application vulnerability assessment algorithms |
| title_sort |
enhancement of automated black-box web application vulnerability assessment algorithms |
| granting_institution |
Universiti Teknologi Malaysia |
| granting_department |
Faculty of Engineering - School of Computing |
| publishDate |
2019 |
| url |
http://eprints.utm.my/id/eprint/96252/1/LimKahSengPSC2019.pdf.pdf |
| _version_ |
1747818651694661632 |