This paper is published in Volume-7, Issue-4, 2021
Area
Security
Author
Jayshish M. Popat, Mohammad Ashar Nawab, Asuri Ritesh Kumar, Nishant Prakash, Manjula M.
Org/Univ
Atria Institute of Technology, Bengaluru, Karnataka, India
Keywords
Vulnerabilities, Exploits, Proofs, False Positives, Resources
Citations
IEEE
Jayshish M. Popat, Mohammad Ashar Nawab, Asuri Ritesh Kumar, Nishant Prakash, Manjula M.. Web application security – Automating the manual exploitation methods and eliminating false positives, International Journal of Advance Research, Ideas and Innovations in Technology, www.IJARIIT.com.
APA
Jayshish M. Popat, Mohammad Ashar Nawab, Asuri Ritesh Kumar, Nishant Prakash, Manjula M. (2021). Web application security – Automating the manual exploitation methods and eliminating false positives. International Journal of Advance Research, Ideas and Innovations in Technology, 7(4) www.IJARIIT.com.
MLA
Jayshish M. Popat, Mohammad Ashar Nawab, Asuri Ritesh Kumar, Nishant Prakash, Manjula M.. "Web application security – Automating the manual exploitation methods and eliminating false positives." International Journal of Advance Research, Ideas and Innovations in Technology 7.4 (2021). www.IJARIIT.com.
Jayshish M. Popat, Mohammad Ashar Nawab, Asuri Ritesh Kumar, Nishant Prakash, Manjula M.. Web application security – Automating the manual exploitation methods and eliminating false positives, International Journal of Advance Research, Ideas and Innovations in Technology, www.IJARIIT.com.
APA
Jayshish M. Popat, Mohammad Ashar Nawab, Asuri Ritesh Kumar, Nishant Prakash, Manjula M. (2021). Web application security – Automating the manual exploitation methods and eliminating false positives. International Journal of Advance Research, Ideas and Innovations in Technology, 7(4) www.IJARIIT.com.
MLA
Jayshish M. Popat, Mohammad Ashar Nawab, Asuri Ritesh Kumar, Nishant Prakash, Manjula M.. "Web application security – Automating the manual exploitation methods and eliminating false positives." International Journal of Advance Research, Ideas and Innovations in Technology 7.4 (2021). www.IJARIIT.com.
Abstract
Many web application security scanners are prone to false alarms indicating that your website is vulnerable when it isn’t. False positives are a major problem in web application security, as they make security testing slower, less accurate and more frustrating. Proof-Based Web Vulnerability Scanning Technology in DevSecOps/SecDevOps environment will let you eliminate security vulnerabilities as early as possible, helping you save a lot of resources. It would automatically exploit identified web security vulnerabilities and also produce a proof of exploits that confirms that the identified vulnerabilities are genuine and not false positives. In this paper we present a technique to find web vulnerabilities using our proposed algorithm and provide extracted sample data as proofs. Our tool identifies vulnerabilities with the same level of certainty as a penetration tester or bounty hunter. This will assist developers and security teams in fixing vulnerabilities in less possible times.