Summary:
Cybersecurity threats continually evolve, posing ever-growing challenges to the confidentiality, integrity, and availability of digital infrastructures. This is critical for developers and testers, who must balance secure development practices with time and budget constraints, and in particular for APIs, which present critical threats in business logic and access controls that standard security tools fail to detect. A gap remains in automatically detecting this kind of vulnerability, leaving organizations exposed to information security risks. By using a machine learning engine trained on a private, real-world dataset, we were able to develop a greybox testing framework that automatically identifies access control and business logic vulnerabilities. We showed that our approach properly detects these types of weaknesses with an accuracy rate exceeding 90%, significantly reducing testing time and adapting to information security requirements.
Author(s):
Alaa Hijazi
Potech Global - Cyber Intelligence Unit
Lebanon
Dany Mezher
University of Saint Joseph - Faculty of Engineering
Lebanon
Elie Zeidan
Thidesoft - Managing Partner
Lebanon
Carole Bassil
Lebanese University - Faculty of Sciences
Lebanon