Preliminary Study of LLM-Based Wordlist Generation for Validating Broken Web Access Control

Kinsey K.S. Ng; Farah Yan; Kevin Hung

doi:10.1109/TENCON61640.2024.10902771

Preliminary Study of LLM-Based Wordlist Generation for Validating Broken Web Access Control

Kinsey K.S. Ng, Farah Yan, Kevin Hung

Electronic Engineering and Computer Science

Research output: Chapter in Book/Report/Conference proceeding › Chapter › peer-review

Abstract

The public websites have become targets for hackers, resulting in reputational and financial losses. A considerable portion of cybersecurity issues arise from web attacks. Web vulnerabilities can often be traced back to web servers that have been misconfigured by unskilled administrators. Broken web access control leads to unauthorized access to sensitive resources and data. A wordlist-based testing is used to identify such vulnerabilities. This paper will discuss the threats posed by such misconfigured web services and explore how the LLM scanning approach generates wordlists, thereby enhancing the efficiency of identifying vulnerabilities within the web server. The study concluded that using different LLM models, in conjunction with summarization, role-playing, and Chain-of-Thought (CoT) techniques, enhances the discovery of web paths.

Original language	English
Title of host publication	IEEE Region 10 Annual International Conference, Proceedings/TENCON
Pages	1088-1091
Number of pages	4
DOIs	https://doi.org/10.1109/TENCON61640.2024.10902771
Publication status	Published - 2024

Publication series

Name	IEEE Region 10 Annual International Conference, Proceedings/TENCON

Keywords

Computer Hacking
Large Language Models
Unauthorized Access
Web Attacks

Access to Document

10.1109/TENCON61640.2024.10902771

Cite this

@inbook{f64d9ffb7bf84092b6bf5542cb00c804,

title = "Preliminary Study of LLM-Based Wordlist Generation for Validating Broken Web Access Control",

abstract = "The public websites have become targets for hackers, resulting in reputational and financial losses. A considerable portion of cybersecurity issues arise from web attacks. Web vulnerabilities can often be traced back to web servers that have been misconfigured by unskilled administrators. Broken web access control leads to unauthorized access to sensitive resources and data. A wordlist-based testing is used to identify such vulnerabilities. This paper will discuss the threats posed by such misconfigured web services and explore how the LLM scanning approach generates wordlists, thereby enhancing the efficiency of identifying vulnerabilities within the web server. The study concluded that using different LLM models, in conjunction with summarization, role-playing, and Chain-of-Thought (CoT) techniques, enhances the discovery of web paths.",

keywords = "Computer Hacking, Large Language Models, Unauthorized Access, Web Attacks",

author = "Ng, {Kinsey K.S.} and Farah Yan and Kevin Hung",

year = "2024",

doi = "10.1109/TENCON61640.2024.10902771",

language = "English",

isbn = "9798350350821",

series = "IEEE Region 10 Annual International Conference, Proceedings/TENCON",

pages = "1088--1091",

booktitle = "IEEE Region 10 Annual International Conference, Proceedings/TENCON",

}

Preliminary Study of LLM-Based Wordlist Generation for Validating Broken Web Access Control. / Ng, Kinsey K.S.; Yan, Farah; Hung, Kevin.
IEEE Region 10 Annual International Conference, Proceedings/TENCON. 2024. p. 1088-1091 (IEEE Region 10 Annual International Conference, Proceedings/TENCON).

Research output: Chapter in Book/Report/Conference proceeding › Chapter › peer-review

TY - CHAP

T1 - Preliminary Study of LLM-Based Wordlist Generation for Validating Broken Web Access Control

AU - Ng, Kinsey K.S.

AU - Yan, Farah

AU - Hung, Kevin

PY - 2024

Y1 - 2024

N2 - The public websites have become targets for hackers, resulting in reputational and financial losses. A considerable portion of cybersecurity issues arise from web attacks. Web vulnerabilities can often be traced back to web servers that have been misconfigured by unskilled administrators. Broken web access control leads to unauthorized access to sensitive resources and data. A wordlist-based testing is used to identify such vulnerabilities. This paper will discuss the threats posed by such misconfigured web services and explore how the LLM scanning approach generates wordlists, thereby enhancing the efficiency of identifying vulnerabilities within the web server. The study concluded that using different LLM models, in conjunction with summarization, role-playing, and Chain-of-Thought (CoT) techniques, enhances the discovery of web paths.

AB - The public websites have become targets for hackers, resulting in reputational and financial losses. A considerable portion of cybersecurity issues arise from web attacks. Web vulnerabilities can often be traced back to web servers that have been misconfigured by unskilled administrators. Broken web access control leads to unauthorized access to sensitive resources and data. A wordlist-based testing is used to identify such vulnerabilities. This paper will discuss the threats posed by such misconfigured web services and explore how the LLM scanning approach generates wordlists, thereby enhancing the efficiency of identifying vulnerabilities within the web server. The study concluded that using different LLM models, in conjunction with summarization, role-playing, and Chain-of-Thought (CoT) techniques, enhances the discovery of web paths.

KW - Computer Hacking

KW - Large Language Models

KW - Unauthorized Access

KW - Web Attacks

UR - https://www.mendeley.com/catalogue/dd59099a-6594-3863-b6be-aa259b9a65da/

U2 - 10.1109/TENCON61640.2024.10902771

DO - 10.1109/TENCON61640.2024.10902771

M3 - Chapter

SN - 9798350350821

T3 - IEEE Region 10 Annual International Conference, Proceedings/TENCON

SP - 1088

EP - 1091

BT - IEEE Region 10 Annual International Conference, Proceedings/TENCON

ER -

Preliminary Study of LLM-Based Wordlist Generation for Validating Broken Web Access Control

Abstract

Publication series

Keywords

Access to Document

Other files and links

Fingerprint

Cite this