Prototyping an Agent for Dynamic Generation of Attack-Payloads in Web Application Vulnerability Assessment

Published: 01 Jan 2023, Last Modified: 06 Oct 2025 | IIAI-AAI-Winter 2023 | CC BY-SA 4.0
Abstract: Web applications can now be easily built by anyone and have become an important part of providing a variety of information and services on the Internet. On the other hand, security threats are always present. Therefore, vulnerability assessments are generally performed before web applications are released to the public. However, conventional diagnostic tools are inefficient because they are data-driven, can only perform fixed attacks, and ignore responses from web applications. Therefore, we propose the use of an agent that considers the responses of web applications to generate attack-payloads for vulnerability assessment tools. We aim to generate flexible attack-payloads by using pattern mining and heuristic rules. In addition, the agent can be modeled as a feature vector to generate attack-payloads that consider the responses from complex web applications, thereby making learning more efficient.