Jacopo Sergio
Automatic processing of VA/PT tools output using LLM agents.
Rel. Cataldo Basile. Politecnico di Torino, Corso di laurea magistrale in Ingegneria Informatica (Computer Engineering), 2024
Abstract
Over the past two decades, technological and engineering developments have collaborated to create an increasingly sophisticated and diverse information technology landscape, but while this has led us today to have extremely complex and feature-rich hardware and software systems, it has inevitably increased the likelihood that they may contain conceptual or implementation flaws, some of which can potentially be exploited by malicious individuals or organizations, who nowadays find ever-changing methods and tools to threaten the secrecy, availability and integrity of resources and data. In this scenario, risk analysis methodologies such as VAPTs, i.e., Vulnerability Assessment and Penetration Testing, that assess the criticality and actual dangerousness of vulnerabilities found in web systems and applications, are paramount.
However, they travel different paths and tools, as well as the type of output they produce: VAs are often automated, focus on a broader view of the system, and often produce false positives, while PTs are tests performed manually by an expert, who focuses in more detail on the part of the system and can demonstrate the real vulnerabilities of the target and how they can be exploited
Relatori
Anno Accademico
Tipo di pubblicazione
Numero di pagine
Informazioni aggiuntive
Corso di laurea
Classe di laurea
Aziende collaboratrici
URI
 |
Modifica (riservato agli operatori) |
