Automating web application vulnerability detection: a generative AI and security tool based penetration testing framework

Abstract

In the current age of interconnected computer networks, web applications have emerged as one of the most prominent mediums for information interchange, sensitive data sharing and even critical transactions. Therefore, ensuring the security of these web applications is one of the most important aspects of web security. Despite this, a significant number of web applications fail to implement basic security measures, making them vulnerable to cyber attacks orchestrated by malicious actors, also known as “black hat” attacks. Detecting these vulnerabilities is essential to safeguard both user and organizational data. One of the most effective methods for identifying security flaws in web application systems is penetration testing. However, traditional penetration testing is time consuming and prone to human error due to its dependence on manual processes. As the complexity of modern web applications rises, relying solely on manual methods is no longer sufficient for ensuring effective security coverage. To address this challenge, this paper aims to implement automation systems for these methods of detection to accelerate the process of penetration testing tenfold. In our approach, we have utilized a combination of different open-source tools and Generative AI-driven analysis to enhance the efficiency of detecting web application vulnerability in the process of penetration testing. This approach represents a crucial advancement in overcoming the limitations of manual testing, addressing the need for faster and more adaptive security solutions.

Description

Cataloged from PDF version of thesis.
Includes bibliographical references (pages 88-94).
This thesis is submitted in partial fulfillment of the requirements for the degree of Bachelor of Science in Computer Science, 2025.

Keywords

Penetration testing, Web applications, Vulnerability detection, AI, Retrieval-augmented generation, Generative AI, Web security

Citation

Endorsement

Review

Supplemented By

Referenced By