Commit 741d3ce7 authored by Pasindu Bandara

Updated the README file

parent e8d24e0a
# 2023-097
WebGuardian: Holistic Approach to Address Dynamic web application Threat Landscape
\ No newline at end of file
# WebGuardian: Holistic Approach to Address Dynamic web application Threat Landscape
# Main Objective
The main objective of the topic of Web Application Security Automation Solution is to improve the security of web applications by detecting and
preventing security threats in real-time. This solution will use advanced algorithms, artificial intelligence, and machine learning techniques to automate
the process of detecting vulnerabilities, threats, and web application hardening as well as risk prediction. For that, this involves designing and developing
a comprehensive, automated system that can effectively detect and prevent security threats to web applications in real-time by dynamically adapting to
frequently evolving threats and changes in the environment and technologies.
# Main Research questions
The need for a more effective solution to secure web applications has become more pressing due to the dynamic nature of the web application environment
and the evolution of cyber threats. To address this, we plan to build a web application security automation solution that considers various important aspects.
The first aspect is admin privilege access management which is a crucial aspect of ensuring the security of a system. Passwords and usernames are often
inadequate, leading to security breaches and unauthorized access. The solution must use face detection for authentication to provide administrators with
a more secure, convenient, and accountable way of managing access privileges.
The second aspect is web application vulnerability assessment automation, which will provide a more accurate evaluation of potential vulnerabilities in the
application. This will help to address any security risks before they become major problems.
The third aspect is web application risk prediction automation, which will help to do the work efficiently and avoid problems like human error and time
consumption that might arise from manual processes.
The fourth aspect is web application hardening, which is critical to meet industry standards for web application security. If web application hardening is not
automated, it may impact security measures that can be implemented in inconsistent ways, reducing their effectiveness and causing confusion. Manually
hardening is also time-consuming and resource-intensive, making it difficult to identify and respond to new security threats in a timely manner.
# Individual research question
## Ranasinghe M.H. (TI20038496)
Current multi-factor authentication systems for admin access lack user-friendliness and result in inconvenience and user errors. There is a need for research to develop a context-aware system that minimizes authentication steps and offers a seamless user experience.
## Aththanayaka P.A.G.P.B. (IT20021252)
Currently, there is a lack of research on combining machine learning and user behavior analysis for the development of a secure and context-aware multi-factor authentication (MFA) system for admin access.
## Rathnayake S.D. (IT20018450)
Currently there is a lack of research on integrating RASP with threat intelligence feeds to enhance the security effectiveness of real-time web application threat response, aligned with the CIS benchmark, and enable automated security solutions
## Ranaweera H.N.K. (IT20012960)
Currently, there is a lack of research on utilizing machine learning and real-time data analysis to automate asset valuation, improve risk calculation and risk prediction.
# Individual Objectives
## Ranasinghe M.H. (TI20038496)
Development of a secure and context-aware multi-factor authentication system for admin access using machine learning and biometric behavior analysis.
## Aththanayaka P.A.G.P.B. (IT20021252)
Develop an integrated system for threat and vulnerability identification automation that incorporates machine learning algorithms and behavior-based analysis.
## Rathnayake S.D. (IT20018450)
Using run-time application selfprotection (RASP) to increase the effectiveness of real-time web application threat responding according to CIS benchmark.
## Ranaweera H.N.K. (IT20012960)
Asset Valuation automating and Risk Calculation with Machine Learning and Real-Time Data Analysis.
\ No newline at end of file
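Review bot: Under "Individual research question", the entry for Aththanayaka P.A.G.P.B. (IT20021252) describes a context-aware MFA system for admin access, which overlaps with Ranasinghe M.H.'s topic and does not match that member's own objective further down ("threat and vulnerability identification automation"). It reads like a copy-paste, so please replace it with the research gap for the vulnerability identification component. Smaller points in the same hunk: Ranasinghe's ID is written "TI20038496" in both sections while the other three IDs start with "IT", so please confirm it is not a typo; "selfprotection" in Rathnayake's objective should be "self-protection"; Rathnayake's research question is missing its closing period; "Main Research questions" calls for face detection for authentication while the matching individual objective says "biometric behavior analysis", so the two should use the same wording; and the file still ends without a trailing newline.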