A new AI-powered tool called YuraScanner, developed by researchers at the Helmholtz CISPA, is transforming web application security.
Using large language models (LLMs) like GPT-4, YuraScanner intelligently navigates and understands complex web application workflows, mimicking human user behavior to identify vulnerabilities. In tests across 20 web applications, YuraScanner discovered 12 zero-day XSS vulnerabilities, significantly outperforming traditional scanners like Black Widow, which only found three.
This advancement marks a significant step forward in automated security testing, enabling more thorough detection of vulnerabilities in multi-step processes, such as online shopping carts, that traditional scanners often miss. YuraScanner's ability to understand and execute tasks within web applications allows it to uncover deeper, more hidden security flaws.