English
Related papers

Related papers: Adding web pentesting functionality to PTHelper

200 papers

Web applications require access to the file-system for many different tasks. When analyzing the security of a web application, secu- rity analysts should thus consider the impact that file-system operations have on the security of the whole…

Cryptography and Security · Computer Science 2017-05-11 Federico De Meo , Luca Viganò

Prompt injection attacks manipulate webpage content to cause web agents to execute attacker-specified tasks instead of the user's intended ones. Existing methods for detecting and localizing such attacks achieve limited effectiveness, as…

Cryptography and Security · Computer Science 2026-02-04 Xilong Wang , Yinuo Liu , Zhun Wang , Dawn Song , Neil Gong

Web Application finger printing is a quintessential part of the Information Gathering phase of (ethical) hacking. It allows narrowing down the specifics instead of looking for all clues. Also an application that has been correctly…

Cryptography and Security · Computer Science 2013-07-01 Karthik R , Raghavendra Karthik , Pramod S , Sowmya Kamath

We present AuthREST, an open-source security testing tool targeting broken authentication, one of the most prevalent API security risks in the wild. AuthREST automatically tests web APIs for credential stuffing, password brute forcing, and…

Cryptography and Security · Computer Science 2025-09-15 Davide Corradini , Mariano Ceccato , Mohammad Ghafari

Web services are becoming business-critical components, often deployed with critical software bugs that can be maliciously explored. Web vulnerability scanners allow the detection of security vulnerabilities in web services by stressing the…

Cryptography and Security · Computer Science 2022-12-26 Osejobe Ehichoya , Chinwuba Christian Nnaemeka

The field of software security testing, more specifically penetration testing, is an activity that requires high levels of expertise and involves many manual testing and analysis steps. This paper explores the potential usage of…

Computation and Language · Computer Science 2023-10-19 Andreas Happe , Jürgen Cito

Penetration testing is essential for identifying vulnerabilities in web applications before real adversaries can exploit them. Recent work has explored automating this process with Large Language Model (LLM)-powered agents, but existing…

Software Engineering · Computer Science 2026-01-13 Huihui Huang , Jieke Shi , Junkai Chen , Ting Zhang , Yikun Li , Chengran Yang , Eng Lieh Ouh , Lwin Khin Shar , David Lo

Offensive security-tests are a common way to pro-actively discover potential vulnerabilities. They are performed by specialists, often called penetration-testers or white-hat hackers. The chronic lack of available white-hat hackers prevents…

Software Engineering · Computer Science 2023-08-24 Andreas Happe , Jürgen Cito

Protection of Web applications is an activity that requires constant monitoring of security threats as well as looking for solutions in this field. Since protection has moved from the lower layers of OSI models to the application layer and…

Cryptography and Security · Computer Science 2010-03-25 Srdjan Stankovic , Dejan Simic

Web applications are the target of many well known exploits and also a fertile ground for the discovery of security vulnerabilities. Yet, the success of an exploit depends both on the vulnerability in the application source code and the…

Cryptography and Security · Computer Science 2018-08-30 Stanislav Dashevskyi , Daniel Ricardo dos Santos , Fabio Massacci , Antonino Sabetta

Web applications play a crucial role in our daily lives, making it essential to employ testing methods that ensure their quality. Typically, Web testing automation frameworks rely on locators to interact with the graphical user interface,…

Software Engineering · Computer Science 2025-06-02 Dario Olianas , Diego Clerissi , Maurizio Leotta , Filippo Ricca

Recent changes in standards and regulations, driven by the increasing importance of software systems in meeting societal needs, mandate increased security testing of software systems. Penetration testing has been shown to be a reliable…

Cryptography and Security · Computer Science 2024-12-18 Charilaos Skandylas , Mikael Asplund

In our research, we introduce a new concept called "LLM Augmented Pentesting" demonstrated with a tool named "Pentest Copilot," that revolutionizes the field of ethical hacking by integrating Large Language Models (LLMs) into penetration…

Cryptography and Security · Computer Science 2025-05-20 Dhruva Goyal , Sitaraman Subramanian , Aditya Peela , Nisha P. Shetty

Fault attacks consist in changing the program behavior by injecting faults at run-time in order to break some expected security properties. Applications are hardened against fault attack adding countermeasures. According to the state of the…

Cryptography and Security · Computer Science 2023-03-06 Etienne Boespflug , Abderrahmane Bouguern , Laurent Mounier , Marie-Laure Potet

Recent advances in Large Language Models (LLMs) have shown significant potential in enhancing cybersecurity defenses against sophisticated threats. LLM-based penetration testing is an essential step in automating system security evaluations…

Cryptography and Security · Computer Science 2024-07-26 Junjie Huang , Quanyan Zhu

Agentic AI is transforming security by automating many tasks being performed manually. While initial agentic approaches employed a monolithic architecture, the Model-Context-Protocol has now enabled a remote-procedure call (RPC) paradigm to…

Cryptography and Security · Computer Science 2025-10-07 Zachary Ezetta , Wu-chang Feng

Cyber threat hunting is the practice of proactively searching for latent threats in a network. Engaging in threat hunting can be difficult due to the volume of network traffic, variety of adversary techniques, and constantly evolving…

Cryptography and Security · Computer Science 2025-03-10 Matthew J. Turner , Mike Carenzo , Jackie Lasky , James Morris-King , James Ross

Vulnerability Discovery with attack Injection security threats are increasing for the server software, when software is developed, the software tested for the functionality. Due to unawareness of software vulnerabilities most of the…

Networking and Internet Architecture · Computer Science 2014-02-12 G. Vijay Kumar , Ravikumar S. Raykundaliya , Dr. P. Naga Prasad

This paper proposes a novel visual model for web applications security monitoring. Although an automated intrusion detection system can shield a web application from common attacks, it usually cannot detect more complicated break-ins. So, a…

Cryptography and Security · Computer Science 2019-04-09 Tran Tri Dang , Tran Khanh Dang

With the increasing concern for security in the network, many approaches are laid out that try to protect the network from unauthorised access. New methods have been adopted in order to find the potential discrepancies that may damage the…

Cryptography and Security · Computer Science 2014-03-28 Sheetal Bairwa , Bhawna Mewara , Jyoti Gajrani