AI-Based Vulnerability Scanner for Detecting Common Website Security Flaws: A Comprehensive Review
Dr. Venkatesh Shankar1, Ramprasad Kulkarni2, Shridhar Bhovi3, Varun Chiniwalar4, Chinmay Betageri5
1 Professor, Head of Department (CSE), KLS Vishwanathrao Deshpande Institute of Technology, Haliyal, India.
2,3,4,5 BE Student, Department of Computer Science and Engineering (AI & ML), KLS Vishwanathrao Deshpande Institute of Technology, Haliyal, India.
ABSTRACT
Because so many sectors now rely on web applications, such as banking, healthcare and e-commerce, security is the most prominent concern for web applications. Traditional vulnerability testing techniques, such as manual penetration testing, can be time-consuming and expensive, and they scale poorly to the size and complexity of a contemporary web application. This paper presents a web vulnerability scanner that addresses these deficiencies. The scanner works by crawling a website, traversing links and form fields, submitting forms and reading responses, gathering all input vectors, and then determining all potential XSS injection points. The tool submits attack payloads to target applications and examines their responses for the most prevalent web application security vulnerabilities. When a scan is completed, it creates a report in JSON format that enumerates the severity, description and location of the vulnerabilities identified. This automated method eliminates most of the manual testing and gives developers relevant feedback on what they can do to enhance the security of their web applications. The scanner is lightweight and needs no additional hardware, which makes it well suited to developers, small businesses and schools. In experiments against home-made vulnerable sites, the scanner effectively identified the vulnerable states and proved a practical tool for enhancing web security. The work offers a more convenient and efficient alternative to traditional security testing technology and helps close the gap around critical security defects in web applications.
Keywords — Web Vulnerability Scanner, SQL, Cross-Site Scripting (XSS), Automated Security Testing, Vulnerability Detection.
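The pipeline the abstract describes, as an added example that is not the authors' code: it gathers links and form fields from a page, checks each response for an unencoded reflection of a harmless probe string, and emits a JSON report with severity, description and location. The page, the responses, the probe, the host name `scanner-demo.test`, the field names and the "high" severity label are all constructed assumptions, and responses are supplied offline instead of being fetched.

```python
import html
import json
from html.parser import HTMLParser
from urllib.parse import urljoin

class InputVectorParser(HTMLParser):
    """Collect links to crawl and named form fields (input vectors) from one page."""
    def __init__(self, base_url):
        super().__init__()
        self.base_url, self.links, self.forms = base_url, [], []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "a" and a.get("href"):
            self.links.append(urljoin(self.base_url, a["href"]))
        elif tag == "form":
            self.forms.append({"action": urljoin(self.base_url, a.get("action") or ""),
                               "method": (a.get("method") or "get").upper(),
                               "fields": []})
        elif tag in ("input", "textarea", "select") and self.forms and a.get("name"):
            self.forms[-1]["fields"].append(a["name"])

def reflected_unencoded(body, probe):
    """True when the probe comes back verbatim although it contains HTML metacharacters."""
    return html.escape(probe) != probe and probe in body

def build_report(page_url, page_html, responses, probe):
    """responses maps (action URL, field name) to the body returned for that probe."""
    parser = InputVectorParser(page_url)
    parser.feed(page_html)
    findings = []
    for form in parser.forms:
        for field in form["fields"]:
            if reflected_unencoded(responses.get((form["action"], field), ""), probe):
                findings.append({
                    "severity": "high",  # assumed label; the paper's scale is not given
                    "description": "Input reflected without HTML encoding (possible XSS)",
                    "location": {"url": form["action"], "method": form["method"],
                                 "parameter": field}})
    return {"target": page_url, "links": parser.links,
            "input_vectors": parser.forms, "vulnerabilities": findings}

# Constructed sample data: one page, one response per field.
PAGE_URL = "http://scanner-demo.test/index.html"
PROBE = '<i data-probe="x7">'  # inert marker, only tests whether encoding is applied
PAGE = ('<a href="/about">About</a><form action="/search" method="get">'
        '<input name="q"><input name="lang"><input type="submit"></form>')
SEARCH = "http://scanner-demo.test/search"
RESPONSES = {(SEARCH, "q"): "<p>Results for " + PROBE + "</p>",       # echoed raw
             (SEARCH, "lang"): "<p>" + html.escape(PROBE) + "</p>"}  # encoded

if __name__ == "__main__":
    print(json.dumps(build_report(PAGE_URL, PAGE, RESPONSES, PROBE), indent=2))
```

Only the `q` parameter is reported, because the `lang` response returns the probe HTML-encoded.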