Die vorliegende Arbeit untersucht die Verwendung von Large Language Models (LLMs) in Penetrationstests von Web-Anwendungen. Ziel ist es, die Arbeit von Penetrationstestern zu unterstützen und den Prozess zu beschleunigen, um Sicherheitslücken in Web-Anwendungen effektiver aufzudecken und zu beheben. Die Arbeit vergleicht verschiedene Ansätze und prüft, wie LLMs wie ChatGPT und andere die Effizienz des Penetrationstests verbessern können. Es wird evaluiert, ob durch die Anwendung von LLMs der notwendige Aufwand für Penetrationstests reduziert werden kann, um Sicherheitslücken in Web-Anwendungen effektiver aufzudecken und zu beheben. Die Arbeit leistet einen Beitrag zum Thema, indem sie die Möglichkeiten und Grenzen von LLMs im Kontext der Penetrationstestung untersucht, bewertet und den aktuellen Stand skizziert.:1 Intro
2 Basics
2 1 Web Application Security
2 2 Penetration Testing
2 3 Penetration Testing Standards
2 4 Penetration Testing Tools
2 5 Artificial Intelligence
2 6 Large Language Models
2 7 LLM prompting techniques
2 8 AI’s Growing Role in Cybersecurity
2 9 Penetration Testing and AI
2 10 Research Objectives and Scope
2 11 Significance of the Study and Research Question
2 12 Structure of the Thesis
3 Literature Review
4 Market Analysis
4 1 Use of LLMs in Combination with Existing Penetration Testing Software
4 2 Open-Source Solutions Leveraging LLMs
4 3 Commercial Solutions Leveraging LLMs for Cybersecurity purposes
4 4 ChatGPT-GPTs
4 5 Identifying the Need for Optimization in Penetration Testing Processes
4 6 Opinions of Penetration Testers on Generative AI Use
5 Methodology
5 1 Research Methods and Approaches
5 2 Benchmarks Used for Evaluation
6 Concept and Implementation
6 1 Limitations of LLMs
6 2 Deciding Which LLM Models to Use
6 3 Identifying and Executing Tasks with LLMs
6 4 Tailoring the LLM for Penetration Testing
6 5 Resource Requirements
7 Evaluation of LLMs for Penetration Testing
7 1 Interviews: Identifying the use of LLMs for Pentesting
7 2 Preparing the Test Environment
7 3 Evaluation of Command Generation
7 4 ChatGPT Assistant GPT
7 5 Google Gemini Advanced
7 6 Discussion of results
7 7 Answering the Research Question
7 8 Resulting Penetration Testing Workflow
8 Conclusion / The thesis examines the use of Large Language Models (LLMs) in web application penetration testing. The goal is to support penetration testers and accelerate the process, to identify and fix security vulnerabilities in web applications more effectively. The thesis compares different approaches and evaluates how LLMs, such as ChatGPT and others, can improve the efficiency of penetration testing. It is evaluated whether the application of LLMs can reduce the necessary effort for penetration testing, to more effectively identify and fix security vulnerabilities in web applications. The research contributes to the topic by investigating, evaluating, and outlining the possibilities and limitations of LLMs in the context of penetration testing.:1 Intro
2 Basics
2 1 Web Application Security
2 2 Penetration Testing
2 3 Penetration Testing Standards
2 4 Penetration Testing Tools
2 5 Artificial Intelligence
2 6 Large Language Models
2 7 LLM prompting techniques
2 8 AI’s Growing Role in Cybersecurity
2 9 Penetration Testing and AI
2 10 Research Objectives and Scope
2 11 Significance of the Study and Research Question
2 12 Structure of the Thesis
3 Literature Review
4 Market Analysis
4 1 Use of LLMs in Combination with Existing Penetration Testing Software
4 2 Open-Source Solutions Leveraging LLMs
4 3 Commercial Solutions Leveraging LLMs for Cybersecurity purposes
4 4 ChatGPT-GPTs
4 5 Identifying the Need for Optimization in Penetration Testing Processes
4 6 Opinions of Penetration Testers on Generative AI Use
5 Methodology
5 1 Research Methods and Approaches
5 2 Benchmarks Used for Evaluation
6 Concept and Implementation
6 1 Limitations of LLMs
6 2 Deciding Which LLM Models to Use
6 3 Identifying and Executing Tasks with LLMs
6 4 Tailoring the LLM for Penetration Testing
6 5 Resource Requirements
7 Evaluation of LLMs for Penetration Testing
7 1 Interviews: Identifying the use of LLMs for Pentesting
7 2 Preparing the Test Environment
7 3 Evaluation of Command Generation
7 4 ChatGPT Assistant GPT
7 5 Google Gemini Advanced
7 6 Discussion of results
7 7 Answering the Research Question
7 8 Resulting Penetration Testing Workflow
8 Conclusion
| Identifer | oai:union.ndltd.org:DRESDEN/oai:qucosa:de:qucosa:91316 |
| Date | 10 May 2024 |
| Creators | Brüsemeister, Patrick |
| Contributors | Hartmann, Andreas, Meissner, Roy, Hochschule für Technik, Wirtschaft und Kultur Leipzig |
| Source Sets | Hochschulschriftenserver (HSSS) der SLUB Dresden |
| Language | English |
| Detected Language | English |
| Type | info:eu-repo/semantics/acceptedVersion, doc-type:bachelorThesis, info:eu-repo/semantics/bachelorThesis, doc-type:Text |
| Rights | info:eu-repo/semantics/openAccess |
Page generated in 0.0056 seconds