Adding web pentesting functionality to PTHelper

• URL: http://arxiv.org/abs/2410.12422v1
• Date: Wed, 16 Oct 2024 10:05:56 GMT
• Title: Adding web pentesting functionality to PTHelper
• Authors: María Olivares-Naya, Jacobo Casado de Gracia, Alfonso Sánchez-Macián,
• Abstract summary: This project is the direct continuation of the previous initiative called PThelper: An open source tool to support the Penetration Testing process. This continuation is focused on expanding PThelper with the functionality to detect and later report web vulnerabilities.
• Score: 0.4779196219827506
• License:
• Abstract: Web application pentesting is a crucial component in the offensive cybersecurity area, whose aim is to safeguard web applications and web services as the majority of the web applications are mounted in publicly accessible web environments. This method requires that the cybersecurity experts pretend and act as real attackers to identify all the errors and vulnerabilities in web applications with the objective of preventing and reducing damages. As this process may be quite complex and the amount of information pentesters need may be big, being able to automate it will help them to easily discover the vulnerabilities given. This project is the direct continuation of the previous initiative called PThelper: An open source tool to support the Penetration Testing process. This continuation is focused on expanding PThelper with the functionality to detect and later report web vulnerabilities in order to address emerging threats and strengthen the ability of the organizations to protect their web applications against potential cyber-attacks.

Related papers

• Countering Autonomous Cyber Threats [40.00865970939829]
  Foundation Models present dual-use concerns broadly and within the cyber domain specifically. Recent research has shown the potential for these advanced models to inform or independently execute offensive cyberspace operations. This work evaluates several state-of-the-art FMs on their ability to compromise machines in an isolated network and investigates defensive mechanisms to defeat such AI-powered attacks.
  arXiv  Detail & Related papers  (2024-10-23T22:46:44Z)
• BreachSeek: A Multi-Agent Automated Penetration Tester [0.0]
  BreachSeek is an AI-driven multi-agent software platform that identifies and exploits vulnerabilities without human intervention. In preliminary evaluations, BreachSeek successfully exploited vulnerabilities in exploitable machines within local networks. Future developments aim to expand its capabilities, positioning it as an indispensable tool for cybersecurity professionals.
  arXiv  Detail & Related papers  (2024-08-31T19:15:38Z)
• WebAssembly and Security: a review [0.8962460460173961]
  We analyze 121 papers by identifying seven different security categories. We aim to fill this gap by proposing a comprehensive review of research works dealing with security in WebAssembly.
  arXiv  Detail & Related papers  (2024-07-17T03:37:28Z)
• Rethinking the Vulnerabilities of Face Recognition Systems:From a Practical Perspective [53.24281798458074]
  Face Recognition Systems (FRS) have increasingly integrated into critical applications, including surveillance and user authentication. Recent studies have revealed vulnerabilities in FRS to adversarial (e.g., adversarial patch attacks) and backdoor attacks (e.g., training data poisoning)
  arXiv  Detail & Related papers  (2024-05-21T13:34:23Z)
• Attention-Based Real-Time Defenses for Physical Adversarial Attacks in Vision Applications [58.06882713631082]
  Deep neural networks exhibit excellent performance in computer vision tasks, but their vulnerability to real-world adversarial attacks raises serious security concerns. This paper proposes an efficient attention-based defense mechanism that exploits adversarial channel-attention to quickly identify and track malicious objects in shallow network layers. It also introduces an efficient multi-frame defense framework, validating its efficacy through extensive experiments aimed at evaluating both defense performance and computational cost.
  arXiv  Detail & Related papers  (2023-11-19T00:47:17Z)
• Machine Learning for Detection and Mitigation of Web Vulnerabilities and Web Attacks [0.0]
  Cross-site scripting (XSS) and cross-site request forgery (CSRF) have been a great concern in the field of web security. Several ideas have been put forth that can be used to improve the performance of detecting these web vulnerabilities. Machine learning techniques have lately been used by researchers to defend against XSS and CSRF.
  arXiv  Detail & Related papers  (2023-04-27T18:27:26Z)
• Not what you've signed up for: Compromising Real-World LLM-Integrated Applications with Indirect Prompt Injection [64.67495502772866]
  Large Language Models (LLMs) are increasingly being integrated into various applications. We show how attackers can override original instructions and employed controls using Prompt Injection attacks. We derive a comprehensive taxonomy from a computer security perspective to systematically investigate impacts and vulnerabilities.
  arXiv  Detail & Related papers  (2023-02-23T17:14:38Z)
• Attack Techniques and Threat Identification for Vulnerabilities [1.1689657956099035]
  prioritization and focus become critical, to spend their limited time on the highest risk vulnerabilities. In this work, we use machine learning and natural language processing techniques, as well as several publicly available data sets. We first map the vulnerabilities to a standard set of common weaknesses, and then common weaknesses to the attack techniques. This approach yields a Mean Reciprocal Rank (MRR) of 0.95, an accuracy comparable with those reported for state-of-the-art systems.
  arXiv  Detail & Related papers  (2022-06-22T15:27:49Z)
• Dos and Don'ts of Machine Learning in Computer Security [74.1816306998445]
  Despite great potential, machine learning in security is prone to subtle pitfalls that undermine its performance. We identify common pitfalls in the design, implementation, and evaluation of learning-based security systems. We propose actionable recommendations to support researchers in avoiding or mitigating the pitfalls where possible.
  arXiv  Detail & Related papers  (2020-10-19T13:09:31Z)
• Adversarial Machine Learning Attacks and Defense Methods in the Cyber Security Domain [58.30296637276011]
  This paper summarizes the latest research on adversarial attacks against security solutions based on machine learning techniques. It is the first to discuss the unique challenges of implementing end-to-end adversarial attacks in the cyber security domain.
  arXiv  Detail & Related papers  (2020-07-05T18:22:40Z)
• Phishing and Spear Phishing: examples in Cyber Espionage and techniques to protect against them [91.3755431537592]
  Phishing attacks have become the most used technique in the online scams, initiating more than 91% of cyberattacks, from 2012 onwards. This study reviews how Phishing and Spear Phishing attacks are carried out by the phishers, through 5 steps which magnify the outcome.
  arXiv  Detail & Related papers  (2020-05-31T18:10:09Z)

This list is automatically generated from the titles and abstracts of the papers in this site.

This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.