The web application market has shown rapid growth in recent years. Current security research utilizes source code analysis, and manual exploitation of web applications to identify security vulnerabilities such as Cross-site Scripting, SQL Injection. The attack samples generated as part of web application penetration testing can be easily blocked using Web Application Firewalls (WAFs). In this talk, I will discuss the use of conditional generative adversarial network (GAN) to identify key features for XSS attacks, and train a generative model based on attack labels, and attack features. The attack features are identified using semantic tokenization, and the attack payloads are generated using conditional GAN. The generated attack samples can be used to target web applications protected by WAFs in an automated manner. This model scales well on a large-scale web application platform and saves significant effort invested by the penetration testing team.
Sr. Application Security Engineer, 6Sense
Dr. Ankur Chowdhary is a cybersecurity researcher. He received Ph.D. (2020) and M.S. (2015) with specialization in cybersecurity from Arizona State University (ASU). His research interests include appsec, cloud security and AI/ML in cybersecurity.