AI Integration #8343
https://medium.com/@danieldkang/llm-agents-can-autonomously-hack-websites-ab33fadb3062 - from one of the authors of the above research
Recently Google released an Open Source AI powered filetype identifier. It could be useful to better infer static filetypes: https://opensource.googleblog.com/2024/02/magika-ai-powered-fast-and-efficient-file-type-identification.html I guess a lot of analysts do lose time with false positives.
One of the AI use cases I see integrating with ZAP is "API sequencing" using only the Swagger file as an input. The starting point would be a Swagger definition file, and the goal would be to generate HTTP calls that simulate real user actions. For example, let's suppose we have an API that manages products, the prompt will ask the LLM to generate API calls to simulate a real user calling these APIs through an SPA, like, first creating a product, then viewing the product, viewing all products, searching for a product, and then deleting it, etc. This could be highly beneficial during the crawling stage of an API scan. I would be happy to work on this and mentor the future intern tasked with this integration.
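The ordering step described in the comment above, as an added example that is not part of the original comment or of ZAP's code: a deterministic heuristic, standing in for the LLM prompt, that sorts the operations of a Swagger/OpenAPI definition into a create, view, list, search, delete flow. The `SPEC` sample and the names `rank`, `resource` and `sequence` are assumptions made for illustration.

```python
# Added example: order OpenAPI operations into a user-like call sequence.
# SPEC is a constructed sample definition, not taken from any real API.
SPEC = {
    "paths": {
        "/products/{id}": {"delete": {}, "get": {}, "put": {}},
        "/products/search": {"get": {}},
        "/products": {"get": {}, "post": {}},
    }
}

HTTP_METHODS = {"get", "post", "put", "patch", "delete"}


def rank(method, path):
    """Lower rank runs earlier in the simulated session."""
    has_param = "{" in path
    if method == "post" and not has_param:
        return 0  # create on the collection
    if method == "get" and has_param:
        return 1  # view the item that was just created
    if method in ("post", "put", "patch"):
        return 2  # modify an existing item
    if method == "get":
        return 4 if "search" in path else 3  # list all, then search
    if method == "delete":
        return 5  # delete last, so earlier calls still have a target
    return 6


def resource(path):
    """Group by first path segment, e.g. '/products/{id}' -> 'products'."""
    return path.strip("/").split("/")[0]


def sequence(spec):
    """Return (METHOD, path) tuples ordered per resource by rank."""
    ops = [
        (method.upper(), path)
        for path, item in spec.get("paths", {}).items()
        for method in item
        if method in HTTP_METHODS  # skip keys such as 'parameters'
    ]
    return sorted(
        ops, key=lambda op: (resource(op[1]), rank(op[0].lower(), op[1]), op[1])
    )


if __name__ == "__main__":
    for method, path in sequence(SPEC):
        print(method, path)
```

A crawler would still need to substitute `{id}` with the identifier returned by the create call before issuing the later requests.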
Thanks @TmmmmmR - that's a very good suggestion.
How could we use AI to make ZAP more effective?
This is a GSoC 2024 candidate project.
Potentially interesting link: https://www.toolify.ai/ai-news/unleashing-the-power-of-ai-in-penetration-testing-1385819
Please add any more relevant links you find as comments