Automating web application vulnerability detection: a generative AI and security tool based penetration testing framework
Date
2025-10
Journal Title
Journal ISSN
Volume Title
Publisher
BRAC University
Abstract
In the current age of interconnected computer networks, web applications have
emerged as one of the most prominent mediums for information interchange, sensitive
data sharing and even critical transactions. Therefore, ensuring the security of
these web applications is one of the most important aspects of web security. Despite
this, a significant number of web applications fail to implement basic security measures,
making them vulnerable to cyber attacks orchestrated by malicious actors,
also known as “black hat” attacks. Detecting these vulnerabilities is essential to
safeguard both user and organizational data. One of the most effective methods for
identifying security flaws in web application systems is penetration testing. However,
traditional penetration testing is time consuming and prone to human error
due to its dependence on manual processes. As the complexity of modern web applications
rises, relying solely on manual methods is no longer sufficient for ensuring
effective security coverage. To address this challenge, this paper aims to implement
automation systems for these methods of detection to accelerate the process of penetration
testing tenfold. In our approach, we have utilized a combination of different
open-source tools and Generative AI-driven analysis to enhance the efficiency of
detecting web application vulnerability in the process of penetration testing. This
approach represents a crucial advancement in overcoming the limitations of manual
testing, addressing the need for faster and more adaptive security solutions.
Description
Cataloged from PDF version of thesis.
Includes bibliographical references (pages 88-94).
This thesis is submitted in partial fulfillment of the requirements for the degree of Bachelor of Science in Computer Science, 2025.
Includes bibliographical references (pages 88-94).
This thesis is submitted in partial fulfillment of the requirements for the degree of Bachelor of Science in Computer Science, 2025.
Keywords
Penetration testing, Web applications, Vulnerability detection, AI, Retrieval-augmented generation, Generative AI, Web security
