Artificial Intelligence and Dynamic Analysis-Based Web Application Vulnerability Scanner

Abstract

The widespread use of web applications and running on sensitive data has made them one of the most significant targets of cyber attackers. One of the most crucial security measures that can be taken is detecting and closing vulnerabilities on web applications before attackers. This study developed a web application vulnerability scanner based on dynamic analysis and artificial intelligence, which could test web applications using GET and POST methods and had test classes for 21 different vulnerability types. The developed vulnerability scanner was tested on a web application test laboratory, created within this study's scope and had 262 different web applications. A data set was created from the tests performed using the developed vulnerability scanner. In this study, web page classification was made using the mentioned data set as a first stage. The highest success rate in the page classification process was determined by 95.39% using the Random Forest Algorithm. The second operation performed using the dataset was the association analysis between vulnerabilities. The proposed model saved 21% more time than the standard scanning model. The page classification process was also used in crawling the web application in this study