Using Artificial Intelligence and Machine Learning to Stop Web App Attacks Before They Even Start

Dynamic Application Security Testing (DAST) is a critical component of modern application security procedures. Security practitioners use DASTs to identify potential vulnerabilities in web applications. Unfortunately, those same capabilities can be used by attackers as reconnaissance tools. 

In a groundbreaking new research paper, Rapid7’s Pojan Shahrivar and Dr. Stuart Millar developed and tested artificial intelligence and machine learning techniques to detect brute-force DAST attacks during the reconnaissance phase, effectively preventing 94% of DAST attacks and eliminating the entire kill-chain at the source. 

The team presented their work at the 6th annual IEEE Dependable and Secure Computing conference at the University of South Florida. 

The new research shows:

• Artificial intelligence and machine learning can be used to identify unauthorized DAST brute-force attacks

• Attacks can be stopped at their earliest stages, in the reconnaissance phase before any infiltration attempts have been made

• The potential for significant time savings in a production environment of millions of events, freeing up security admins to complete other high-value investigative work