Artificial Intelligence and Dynamic Analysis-Based Web Application Vulnerability Scanner

The widespread use of web applications and running on sensitive data has made them one of the most significant targets of cyber attackers. One of the most crucial security measures that can be taken is the detection and closure of vulnerabilities on web applications before attackers. In this study, a web application vulnerability scanner was developed based on dynamic analysis and artificial intelligence, which could test web applications using GET and POST methods and had test classes for 21 different vulnerability types. The developed vulnerability scanner was tested on a web application test laboratory, which was created within the scope of this study and had 262 different web applications. A data set was created from the results of the tests performed using the developed vulnerability scanner. In this study, as a first stage, web page classification was made using the mentioned data set. The highest success rate in the page classification process was determined by 95.39% using the Random Forest Algorithm. The second operation performed using the dataset was the association analysis between vulnerabilities. The proposed model saved the 21% time than the standard scanning model. The page classification process was also used in the crawling of the web application in this study.