ASAP: Application Security Assessment Protocol
Web application attacks are increasing in number and growing in sophistication. To support the needs of today's digital world and business processes, web applications, APIs and mobile apps are growing in number and scale. Cyber-attacks are increasing at the web layer in particular, which presents an easy target for attackers. Currently, there is no common industry standard for a web security payload template, nor an approach that the security community, researchers and companies can contribute to and rely on to test any web application, API or mobile app. Although different open source and commercial web security scanners are available, a single standard open source collaboration project can benefit the various IT industries. Start-ups and Small and Medium Enterprises (SMEs) in particular can use this readily available and validated open source tool to scan web apps for security vulnerabilities using a standard approach and with updated payloads from the security community. In this work we design an intuitive framework that lets security researchers translate attack vectors into a common language, one that can represent security attack vectors with a minimal learning curve. The framework also has an assessment engine that can use the attack vectors from the repository to assess the security vulnerability of a web application.
Journal/Conference/Book title: 2023 IEEE International Conference on Service Operations and Logistics, and Informatics (SOLI)
Publication date: 2024-02-14
Version: Pre-print