Singapore Institute of Technology

ASAP: Application Security Assessment Protocol

conference contribution
posted on 2024-09-17, 03:43 authored by Vivek Balachandran, Kirwan Ryan Fraser, Kok Keong Peter Loh, Mohamed Riaz Ebrahim, Ravishanker Kusuma

Web application attacks are increasing in number and growing in sophistication. Driven by the needs of today’s digital world and business processes, web applications, APIs and mobile apps are growing in number and scale. In particular, cyber-attacks are increasing in the web layer, which presents an easy target for attackers. Currently, there is no common industry standard for a web security payload template, nor an approach that the security community, researchers and companies can contribute to and rely on to test any web application, API or mobile app. Although different open source and commercial web security scanners are available, a single standard open source collaboration project can benefit the various IT industries. Start-ups and Small and Medium Enterprises (SMEs) in particular can use this readily available and validated open source tool to scan web apps for security vulnerabilities using a standard approach and with updated payloads from the security community. In this work we are designing an intuitive framework for security researchers to translate attack vectors into a common language that can represent security attack vectors with a minimal learning curve. The framework also has an assessment engine that can use the attack vectors from the repository to assess the security vulnerability of a web application.

History

Journal/Conference/Book title

2023 IEEE International Conference on Service Operations and Logistics, and Informatics (SOLI)

Publication date

2024-02-14

Version

  • Pre-print

Rights statement

This work has been submitted to the IEEE for possible publication. Copyright may be transferred without notice, after which this version may no longer be accessible.
