June 22, 2022
An international team of researchers has developed an analysis tool to make websites less vulnerable to hacking and cyberattacks.
The prototype black box security assessment, tested by engineers in Australia, Pakistan and the United Arab Emirates, is more effective than existing web scanners which collectively fail to detect the top 10 weaknesses of web apps.
UniSA mechanical and systems engineer Dr. Yousef Amer is one of the co-authors of a new international paper that describes the development of the tool in the wake of escalating global cyberattacks.
Cybercrime cost the world $6 trillion in 2021, reflecting a 300% increase in online criminal activity over the past two years.
Remote working, cloud-based platforms, malware and phishing scams have led to a spike in data breaches, while the rollout of 5G devices and the Internet of Things (IoT) has made us more connected – and vulnerable – than ever.
Dr. Yousef Amer and his colleagues from Pakistan, the United Arab Emirates and Western Sydney University highlight many security weaknesses in website applications and the high cost of these to organizations.
Due to the widespread adoption of e-commerce, iBanking and e-government sites, web applications have become a prime target for cybercriminals who want to steal individual and corporate information and disrupt business operations.
Despite a projected global spending of $170 billion on internet security in 2022 amid growing and more severe cyberattacks, existing web scanners fall far short of being able to assess vulnerabilities, according to Dr. Amer.
“We’ve identified that most publicly available scanners have weaknesses and don’t do the job they should,” he says.
Nearly 72% of organizations have experienced at least one serious security breach on their website, with vulnerabilities having tripled since 2017.
WhiteHat Security, a global leader in web application security, estimates that 86% of scanned web pages have an average of 56% vulnerabilities. Of these, at least one is classified as critical.
The researchers compared 11 publicly available web application scanners against the top 10 vulnerabilities.
“We found that no single scanner is able to counter all of these vulnerabilities, but our prototype tool addresses all of these challenges. It’s basically a one-stop guide to keep the website 100% secure,” says Dr. Amer.
“There is an urgent need to audit websites and ensure they are secure if we are to curb these breaches and save businesses and governments millions of dollars.”
The researchers are now looking to commercialize their prototype.
Notes for Editors
“SAT: Embedded Multi-Agent Blackbox Security Assessment Tool Using Machine Learning” was presented at the 2022 International Conference on Artificial Intelligence in Pakistan. The research was conducted by the National University of Science and Technology of Pakistan. For a hard copy, email [email protected]
Contact for maintenance: Dr. Yousef Amer, e-mail: [email protected]
Media contact: Gibson Candy, mobile: 0434 605 142, e-mail: [email protected]