Vulnerability Assessment and Penetration Testing through Artificial Intelligence

Similar documents
Aguascalientes Local Chapter. Kickoff

OWASP Top 10 The Ten Most Critical Web Application Security Risks

Copyright

Provide you with a quick introduction to web application security Increase you awareness and knowledge of security in general Show you that any

OWASP TOP Release. Andy Willingham June 12, 2018 OWASP Cincinnati

Web Application Security. Philippe Bogaerts

Attacks Against Websites 3 The OWASP Top 10. Tom Chothia Computer Security, Lecture 14

Chapter 5: Vulnerability Analysis

OWASP TOP OWASP TOP

Solutions Business Manager Web Application Security Assessment

Application Security Approach

C1: Define Security Requirements

Computer Forensics: Investigating Network Intrusions and Cyber Crime, 2nd Edition. Chapter 3 Investigating Web Attacks

SECURITY TESTING. Towards a safer web world

Penetration Testing following OWASP. Boyan Yanchev Chief Technology Ofcer Peter Dimkov IS Consultant

01/02/2014 SECURITY ASSESSMENT METHODOLOGIES SENSEPOST 2014 ALL RIGHTS RESERVED

OWASP Top 10. Copyright 2017 Ergon Informatik AG 2/13

OWASP Top 10 Risks. Many thanks to Dave Wichers & OWASP

VULNERABILITIES IN 2017 CODE ANALYSIS WEB APPLICATION AUTOMATED

Kenna Platform Security. A technical overview of the comprehensive security measures Kenna uses to protect your data

Data Security and Privacy : Compliance to Stewardship. Jignesh Patel Solution Consultant,Oracle

COPYRIGHTED MATERIAL. Contents. Part I: The Basics in Depth 1. Chapter 1: Windows Attacks 3. Chapter 2: Conventional and Unconventional Defenses 51

Simplifying Application Security and Compliance with the OWASP Top 10

Presentation Overview

OPEN WEB APPLICATION SECURITY PROJECT OWASP TOP 10 VULNERABILITIES

Specialized Security Services, Inc. REDUCE RISK WITH CONFIDENCE. s3security.com

PrecisionAccess Trusted Access Control

Hacker Academy Ltd COURSES CATALOGUE. Hacker Academy Ltd. LONDON UK

Attacks Against Websites. Tom Chothia Computer Security, Lecture 11

The Top 6 WAF Essentials to Achieve Application Security Efficacy

Web Applications Penetration Testing

Security Solutions. Overview. Business Needs

GUI based and very easy to use, no security expertise required. Reporting in both HTML and RTF formats - Click here to view the sample report.

Web Application Penetration Testing

10 FOCUS AREAS FOR BREACH PREVENTION

CompTIA Security+ Malware. Threats and Vulnerabilities Vulnerability Management

OWASP Thailand. Proxy Caches and Web Application Security. OWASP AppSec Asia October 21, Using the Recent Google Docs 0-Day as an Example

Top 10 Web Application Vulnerabilities

DEFENSIVE PROGRAMMING. Lecture for EDA 263 Magnus Almgren Department of Computer Science and Engineering Chalmers University of Technology

Your Turn to Hack the OWASP Top 10!

Andrew Muller, Canberra Managing Director, Ionize, Canberra The challenges of Security Testing. Security Testing. Taming the Wild West

Curso: Ethical Hacking and Countermeasures

Secure Application Development. OWASP September 28, The OWASP Foundation

OWASP Top David Caissy OWASP Los Angeles Chapter July 2017

A Modified Approach for Kerberos Authentication Protocol with Secret Image by using Visual Cryptography

Don t blink or how to create secure software. Bozhidar Bozhanov, LogSentinel

W e b A p p l i c a t i o n S e c u r i t y : T h e D e v i l i s i n t h e D e t a i l s

Integrated Access Management Solutions. Access Televentures

Mitigating Security Breaches in Retail Applications WHITE PAPER

CSWAE Certified Secure Web Application Engineer

Certified Secure Web Application Engineer

1 About Web Security. What is application security? So what can happen? see [?]

Introduction F rom a management perspective, application security is a difficult topic. Multiple parties within an organization are involved, as well

Security Testing. - a requirement for a secure business. ISACA DAY in SOFIA. Gabriel Mihai Tanase, Director, Cyber Services KPMG in CEE

Protecting Against Modern Attacks. Protection Against Modern Attack Vectors

716 West Ave Austin, TX USA

Protect Your Organization from Cyber Attacks

Robust Defenses for Cross-Site Request Forgery Review


Featuring. and. Göteborg. Ulf Larson Thursday, October 24, 13

THREAT MODELING IN SOCIAL NETWORKS. Molulaqhooa Maoyi Rotondwa Ratshidaho Sanele Macanda

Trustwave Managed Security Testing

Security Testing White Paper

Application Layer Security

EC-Council V9 Exam

A Measurement Companion to the CIS Critical Security Controls (Version 6) October

RiskSense Attack Surface Validation for Web Applications

Exploiting and Defending: Common Web Application Vulnerabilities

THE EFFECTIVE APPROACH TO CYBER SECURITY VALIDATION BREACH & ATTACK SIMULATION

EasyCrypt passes an independent security audit

Securing Your Web Application against security vulnerabilities. Alvin Wong, Brand Manager IBM Rational Software

IPM Secure Hardening Guidelines

John Coggeshall Copyright 2006, Zend Technologies Inc.

Mobile Malfeasance. Exploring Dangerous Mobile Code. Jason Haddix, Director of Penetration Testing

Frequently Asked Questions WPA2 Vulnerability (KRACK)

Introduction to Penetration Testing: Part One. Eugene Davis UAH Information Security Club February 21, 2013

RiskSense Attack Surface Validation for IoT Systems

Technology Risk Management in Banking Industry. Rocky Cheng General Manager, Information Technology, Bank of China (Hong Kong) Limited

MigrationWiz Security Overview

The SANS Institute Top 20 Critical Security Controls. Compliance Guide

Denial of Service and Distributed Denial of Service Attacks

Application vulnerabilities and defences

Joe Stocker, CISSP, MCITP, VTSP Patriot Consulting

SOLUTION BRIEF. Enabling and Securing Digital Business in API Economy. Protect APIs Serving Business Critical Applications

SDR Guide to Complete the SDR

Bank Infrastructure - Video - 1

hidden vulnerabilities

5. Execute the attack and obtain unauthorized access to the system.

RSA INCIDENT RESPONSE SERVICES

Ethical Hacking and Prevention

How NOT To Get Hacked

CYBER ATTACKS EXPLAINED: PACKET SPOOFING

EV CHARGING: MAPPING OUT THE CYBER SECURITY THREATS AND SOLUTIONS FOR GRIDS AND CHARGING INFRASTRUCTURE

Attackers Process. Compromise the Root of the Domain Network: Active Directory

V Conference on Application Security and Modern Technologies

ANZTB SIGIST May 2011 Perth OWASP How minor vulnerabilities can do very bad things. OWASP Wednesday 25 th May The OWASP Foundation

Ethical Hacking and Countermeasures: Web Applications, Second Edition. Chapter 3 Web Application Vulnerabilities

ANATOMY OF AN ATTACK!

Introduction to Ethical Hacking. Chapter 1

Kishin Fatnani. Founder & Director K-Secure. Workshop : Application Security: Latest Trends by Cert-In, 30 th Jan, 2009

Transcription:

Vulnerability Assessment and Penetration Testing through Artificial Intelligence Prof. Shraddha More 1, Arpit Rohela 2 1,2 Department of Information Technology, SJCEM, Abstract Every organization has some serious assets to be taken care of in aspects of security. For this purpose they employ professionals, these professionals cannot take care of a problem if they don t have total insights of the assets of the organization in the proper format, internally and externally i.e., relation between all the assets, their states and configurations. Later comes the penetration testing part where all of these assets test for their hardening level. Today s solutions lacks the proper relation between representation, gathered data and make sense on its own moreover take action on that and total framework where all of the obtained information and test plans with test results can be brought to us from the single platform and compared for changes to know whether they are effectively enough, or are just posing an overhead for effective business and technology environment. The security auditors give away a lot of time and effort for collection of data/evidence and making information out of it whether by scans or open source information collection. This framework is designed to ease the penetration testing and security hardening jobs. It uses all the updated technologies like AI, cloud and big data. The AI is for making relation between the collected data, relate the vulnerability in its root configuration or versions of the assets and suggest or execute the exploit in order to test the hardening of the assets. The cloud will pose as the platform which will stabilize the major extent of processing, hold information/evidence and data apart from big data for managing AI training dataset. Keywords Vulnerability Assessment; Penetration Testing; Artificial Intelligence; CVE; Two-factor authentication; man-in-the-middle attack; Cross-Site Request Forgery (CSRF); Un-validated Redirects. I. INTRODUCTION The vulnerability assessment and penetration testing are as old as security in the computer world. Vulnerability testing promises vulnerability discovery based on the known symptoms while penetration testing is practically putting weakness to test to reveal real hardness of the security in place. While vulnerability analysis focus more on whether the weakness exists or not, penetration testing is to determine if unauthorized access to key assets are a possibility [1]. Answer to most of the vulnerability scanners scan results can be measured in percentage of correctness and are burdened with probability of false positive in numerous cases whereas penetration testing is deviation less which means the solution of the process is definite i.e., Yes(exploitable) or No(Not Exploitable). The importance of this framework with respect to vulnerability assessment and penetration testing is to implement automatic defense systems that can monitor, discover and prove what it discovered is right, with exploit generation, and correct software flaws in real-time, effectively using AI [2]. The framework bring different sorts of AI paradigm and dynamic programming in use. One of the AI paradigms is Reinforcement Learning under which it solves control problems and sequential decision making tasks, second one is Supervised Learning which is used to solve pattern recognition, regression (function approximation), further comes Unsupervised Learning which solves estimation problem, grouping (clustering), estimation of statistical distribution, compressing and filtering [3]. DOI:10.23883/IJRTER.2018.4028.RDD10 217

Some of the past work done is from darktrace which promises anomaly detection driven by unsupervised machine learning [4] and some participated machines from 2016 Cyber_Grand_Challenge form DARPA. Those systems brought in use numerous tools, techniques and expert knowledge to create fully autonomous self-driven systems that perform automated software patching, vulnerability detection and exploit generation in binary software without human intervention [5]. Fig.1: Intrusion detection of network with the help of AI The rest of the paper is organized as follows: Section II describes related work. In Section III discuss about working of proposed system. Section IV presents implementation details about the proposed system. Section V projects on conclusions and future scope. II. LITERATURE SURVEY The Patternex is a system that essentially focus on Humans and computers to work together to identify evolving cyber-attack patterns buried in our data[6], which basically is allowing analyst to help machine learn their techniques to detect and act on cyber-attack. Vectra can differentiate among anomalous user and a potential hacker threat behaviors. It also automates attacker detection and allows to respond faster to the most serious threats [7] while Patternex works externally, Vectra is used after the attacker is in the protected parameter after successful breach of the network. While Patternex involves humans accuracy which can be considered best when taking decisions on whether or not to act on the detection of event or sequence of events, there exists another detection approach called Darktrace which uses algorithms and unsupervised learning, which is pretty successful [2], how it basically works is comparison of the already existing system infrastructure with anything unusual or unseen detected. The above systems are related to network intrusions but nowhere related to penetration testing of the software that contribute to network traffic. The system that can do this penetration testing and can contribute to improvements are systems are the one that participated in DARPA s Cyber Grand Challenge like Mahem. @IJRTER-2018, All Rights Reserved 218

III. PROPOSED WORK The Patternex is a system that essentially focus on Humans and computers to work together to identify evolving cyber-attack patterns buried in our data[6], which basically is allowing analyst to help machine learn their techniques to detect and act on cyber-attack. Vectra can differentiate ability scanner will first scan the webserver, retrieve the results by eliminating the false positives. The second stage will intake the results form vulnerability scanner and perform the operations which are generally performed by penetration testers to make a system secure with the help of Artificial Intelligence (AI) technology. The system here eliminates the need of penetration tester s repetitive work or complete need of penetration tester s involvement in the security analysis process. The network vulnerability scanner on the cloud is scalable and hence performs fast port scans on the server IP address, finds the open ports of the server, reveals the service and service versions of the open ports. These services are searched in the CVE database and known vulnerability are tested by the AI algorithms, the results from the results are shown in the reports. The web app scanner will perform test modules from the stack of attack provided by us on the vulnerability scanner, then will move on to other attacks that will be performed by the AI tech applied on the cloud by gathering all the information from the web app vulnerability scanner and there on. At the last the vulnerabilities that are high on priorities are sent as email immediately with overall report that list other medium and low information leaking vulnerabilities. Fig 2: System Architecture The first step is to check if the host to be scanned is up and running in order to avoid wasting time on scanning a dead or unreachable host. This detection is done by probing some well-known TCP and UDP ports. If the scanner receives at least one reply from the remote host, it continues the scan. The second test is to check if the host is behind any firewalling/filtering device. This test enables the scanner to gather more information about the network infrastructure and will help during the scan of TCP and UDP ports. The third step is to detect all open TCP and UDP ports to determine which services are running on this host. @IJRTER-2018, All Rights Reserved 219

Once the TCP port scanning has been performed, the scanner tries to identify the operating system running on the host. This detection is based on sending specific TCP packets to open and closed ports. Once TCP/UDP ports have been found open, the scanner tries to identify which service runs on each open port by using active discovery tests. Once the scanner has identified the specific services running on each open TCP and UDP port, it performs the actual vulnerability assessment. The scanner first tries to check the version of the service in order to detect only vulnerabilities applicable to this specific service version. Every vulnerability detection is non-intrusive, meaning that the scanner never exploits a vulnerability if it could negatively affect the host in any way. IV. EXPERIMENTAL RESULTS The system implementation is divided into following phases: 4.1 Cross-Site Request Forgery (CSRF) A CSRF attack is shown in fig.2 which forces a logged-on victim s browser to send a forged HTTP request, including the victim s session cookie and any other automatically included authentication information, to a vulnerable web application. This allows the attacker to force the victim s browser to generate requests the vulnerable. Fig 3: CSRF Admin page Fig 4: Result Page 4.2 Un-validated Redirects Web applications frequently redirect and forward users to other pages and websites, and use untrusted data to determine the destination pages. Without proper validation, attackers can redirect victims to phishing or malware sites, or use forwards to access unauthorized pages. Fig 5: Redirect Python Run @IJRTER-2018, All Rights Reserved 220

Fig 6:Redirect step 4.3 Using Components With known Redirects Components, such as libraries, frameworks, and other software modules, almost always run with full privileges. If a vulnerable component is exploited, such an attack can facilitate serious data loss or server takeover. Applications using components with known vulnerabilities may undermine application defenses and enable a range of possible attacks and impacts. Fig 7: Script Run Fig 8: Script Result 4.4 Mail Login Passwords for the mail id are guessed, applied and validated from a dictionary that consist of list of most commonly passwords. As the password is found the attacker gets notified with the correct password and can use it further exploit the user. @IJRTER-2018, All Rights Reserved 221

Fig 9: Mail Login Run Fig 10: Passwords Attempts 4.5 Sensitive Data Exposure Many web applications do not properly protect sensitive data, such as credit cards, tax IDs, and authentication credentials. Attackers may steal or modify such weakly protected data to conduct credit card fraud, identity theft, or other crimes. Sensitive data deserves extra protection such as encryption at rest or in transit, as well as special precautions when exchanged with the browser. Fig 11: Data Exposure Results 4.6 Security Misconfiguration Good security requires having a secure configuration defined and deployed for the application, frameworks, application server, web server, database server, and platform. Secure settings should be defined, implemented, and maintained, as defaults are often insecure. Additionally, software should be kept up to date. @IJRTER-2018, All Rights Reserved 222

Fig 12: Security Misconfigurations Results 4. 7 SQL Injection Injection flaws, such as SQL, OS, and LDAP injection occur when untrusted data is sent to an interpreter as part of a command or query. The attacker s hostile data can trick the interpreter into executing unintended commands or accessing data without proper authorization. Fig 13: SQL Injection Results 4.8 Broken Authentication and Session Management Application functions related to authentication and session management are often not implemented correctly, allowing attackers to compromise passwords, keys, or session tokens, or to exploit other implementation flaws to assume other users identities. Fig 14: Authentication Window V. CONCLUSION AND FUTURE WORK In this system, we presented a Vulnerability scanner that aimed at detecting web application vulnerabilities. The simplicity and friendliness is the advantage of the project. The environment is made user friendly to the maximum so that anyone can run the scans provided and could access the system via the secure authentication system via the time based one-time passwords. The vulnerabilities for which the system will be scanned for are the most common major threats to web application which comes under OWASP top 10 vulnerabilities. The scanner need not to be installed on any system for use which is a bigger advantage and will be accessible through an internet based service hence no performance load will be an impact on the users system. @IJRTER-2018, All Rights Reserved 223

The scanner was built by keeping in mind the ease with which the user can access the service without having any prior knowledge continuing with it in the future the results obtained by scanning will directly be mailed to the users registered email address. Patches for the detected vulnerabilities will be suggested to the user in the report itself so that the time consumed in repairing the system will be considerably decreased. REFERENCES I. PENETRATION TESTING : https://www.veracode.com/security/penetration-testing, Accessed on 11.08.2016, 11.00 AM. II. Matthijs Mass, Artificial Intelligence and the Future of Defense, Available at: https://hcss.nl/sites/default/files/files/reports/artificial%20intelligence%20and%20the%20future%20of%20de fense.pdf. III. Machine learning : https://en.wikipedia.org/wiki/machine_learning#types_of_problems_and_tasks, Accessed on 20.08.2016, 1.00 PM. IV. DARK TRACE : https://www.darktrace.com, Accessed on 28.08.2016, 05.00 PM. V. Cyber Challenges : https://en.wikipedia.org/wiki/2016_cyber_grand_challenge, Accessed on 2.09.2016, 9.00PM. VI. Introducing the PatternEx Virtual Analyst Platform :https://www.patternex.com/blog/patternex-virtual-analystplatform-speeds-investigations-by-20x, Accessed on 10.09.2016, 07.00 PM. Vectra :https://vectra.ai/, Accessed on 23.09.2016, 10.00 AM. H.S. Venter, J.H.P. Eloff, (2004), Vulnerability forecasting a conceptual model, University of Pretoria, SA, Department of Computer Science, www.acm.org IX. Tony Howlett, (2004), Open Source Security Tools, Prentice Hall 2004 X. William Stallings, (2003), Network Security Essentials, Pearson Education 2003 VII. VIII. XI. Bragg, Roberta, (2003), CISSP, Training Guide, QUE CORPORATION 2003 XII. Joel Scambray, Stuart McClure, George Kurtz, Hacking Exposed: Network Security Secrets and Solutions, 3rd Edition, Foundstone Inc. XIII. XIV. XV. XVI. Shraddha More, R.Bansode, Side Channel Attack on various Cryptographic Algorithms in International Journal of Scientific and Engineering Research (IJSER), ISSN 2229-5518, Volume 6, Issue 8, August 2015. John Wack, Miles Tracy, Murugiah Souppaya Guideline on Network Security Testing, 2003, NIST Special Publication 800-42, http://csrc.nist.gov/publications/nistpubs/800-42/nist- SP800-42.pdf Richard C. Linger, Howard F. Lipson, John McHugh, Nancy R. Mead and Carol A. Sledge Life cycle Models for Survivable Systems October 2002, TECHNICAL REPORT, CMU/SEI- 2002-TR-026, ESC-TR-2002-026 Shraddha More, R. Bansode, Implementation of AES with Time Complexity Measurement for Various Input in Global Journal of Computer Science and Technology (GJCST), ISSN 0975-4172, Volume 15, Issue 4, July 2015. @IJRTER-2018, All Rights Reserved 224

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback