Web application penetration testing with artificial intelligence: a systematic review

Sánchez, G., Olayinka, O. orcid.org/0000-0003-2449-3690 and Pasikhani, A. (2025) Web application penetration testing with artificial intelligence: a systematic review. In: 2024 22nd International Symposium on Network Computing and Applications (NCA 2024). 2024 IEEE 22nd International Symposium on Network Computing and Applications (NCA 2024), 24-26 Oct 2024, Bertinoro, Italy. Institute of Electrical and Electronics Engineers (IEEE) , pp. 236-245. ISBN 9798331510190

Abstract

Penetration testing is an intricate activity, yet vital for the security of web applications and the protection of user data. Due to its time-consuming nature, recent developments have emphasized the use of artificial intelligence to enhance efficiency, shorten testing times, and substantially improve penetration testing results. By combining artificial intelligence with conventional penetration testing techniques, researchers aim to improve the processes, providing organizations with the means to create stronger web applications. This paper presents a thorough review of research conducted between 2013 and 2024 on the application of artificial intelligence in web application penetration testing. We highlight advancements and challenges in employing learning-based methods to enhance penetration testing, providing a comprehensive overview of the current state and future directions in the field. Our results show that leveraging artificial intelligence has proven to be more efficient than traditional approaches, but they still face significant challenges.

Metadata

Item Type:	Proceedings Paper
Authors/Creators:	Sánchez, G. Olayinka, O. https://orcid.org/0000-0003-2449-3690 Pasikhani, A.
Copyright, Publisher and Additional Information:	© 2024 The Author(s). Except as otherwise noted, this author-accepted version of a journal article published in 2024 22nd International Symposium on Network Computing and Applications (NCA 2024) is made available via the University of Sheffield Research Publications and Copyright Policy under the terms of the Creative Commons Attribution 4.0 International License (CC-BY 4.0), which permits unrestricted use, distribution and reproduction in any medium, provided the original work is properly cited. To view a copy of this licence, visit http://creativecommons.org/licenses/by/4.0/
Keywords:	Machine learning; security; web applications
Dates:	Accepted: 30 September 2024 Published (online): 2 April 2025 Published: 2 April 2025
Institution:	The University of Sheffield
Academic Units:	The University of Sheffield > Faculty of Engineering (Sheffield) > Department of Computer Science (Sheffield)
Depositing User:	Symplectic Sheffield
Date Deposited:	08 Nov 2024 12:31
Last Modified:	08 Apr 2025 11:40
Status:	Published
Publisher:	Institute of Electrical and Electronics Engineers (IEEE)
Refereed:	Yes
Identification Number:	10.1109/NCA61908.2024.00043
Related URLs:	Conference
Open Archives Initiative ID (OAI ID):	oai:eprints.whiterose.ac.uk:219328

CORE (COnnecting REpositories)

Web application penetration testing with artificial intelligence: a systematic review

Abstract

Metadata

Download

Accepted Version

Export

Statistics