Generative Adversarial Network (GAN)-Based Autonomous Penetration Testing for Web Applications.
Chowdhary, Ankur; Jha, Kritshekhar; Zhao, Ming.
Affiliation
  • Chowdhary A; 6sense Insights Inc., San Francisco, CA 94105, USA.
  • Jha K; School of Computing and Augmented Intelligence, Arizona State University, Tempe, AZ 85281, USA.
  • Zhao M; School of Computing and Augmented Intelligence, Arizona State University, Tempe, AZ 85281, USA.
Sensors (Basel); 23(18), 2023 Sep 21.
Article in En | MEDLINE | ID: mdl-37766067
The web application market has shown rapid growth in recent years. The expansion of Wireless Sensor Networks (WSNs) and the Internet of Things (IoT) has created new web-based communication and sensing frameworks. Current security research utilizes source code analysis and manual exploitation of web applications to identify security vulnerabilities, such as Cross-Site Scripting (XSS) and SQL Injection, in these emerging fields. The attack samples generated as part of web application penetration testing on sensor networks can be easily blocked using Web Application Firewalls (WAFs). In this research work, we propose an autonomous penetration testing framework that utilizes Generative Adversarial Networks (GANs). We overcome the limitations of vanilla GANs by using conditional sequence generation. This technique helps in identifying key features for XSS attacks. We trained a generative model based on attack labels and attack features. The attack features were identified using semantic tokenization, and the attack payloads were generated using a conditional sequence GAN. The generated attack samples can be used to target web applications protected by WAFs in an automated manner. This model scales well on a large-scale web application platform, and it saves the significant effort invested in manual penetration testing.
Full text: 1 Collection: 01-internacional Database: MEDLINE Language: En Journal: Sensors (Basel) Year: 2023 Document type: Article Country of affiliation: United States
