A fuzzy classifier-based penetration testing for web applications

Abstract

The biggest challenge of Web application is the inestimable losses arising from security flaws. Two approaches were advanced by a number of scholars to provide security to Web space. One of such approach is vulnerability assessment, which is a conscious effort to isolate, identify and recognize potentials vulnerabilities exploited by attackers. The second being the estimation and determination of level of risks/threats posed to Web applications by vulnerabilities obvious to the developer (or tester); this is generally referred to as penetration testing. Recently, there is Vulnerability Assessment and Penetration Testing (VAPT) that combined these two schemes to improve safety and effectively combat the menace of attackers on Web applications. This paper proposed Fuzzy Classifier-based Vulnerability and Assessment Testing (FCVAPT) model to provide security for sensitive data/information in Web applications. Cross Site Scripting (XSS) and Structured Query Language (SQL) injections were selected for evaluation of proposed FCVAPT model. FCVAPT model’s classification performance for MSE, MAPE and RMSE were 33.33, 14.81% and 5.77% respectively. FCVAPT is considerably effective for detecting vulnerability and ascertaining the nature of threats/risks available to Web applications.