AI-Enhanced Security Testing Platform

DAEST: Dynamic AI-Enhanced Security Testing is a capstone project developed by students in the Faculty of Electrical and Computer Engineering. Team PB-55 developed a prototype designed to help users identify, understand, and fix security issues in their applications. This prototype automates security testing tools to quickly scan for vulnerabilities, then generates detailed reports that highlight problems and provide practical tips for fixing them.


The above video was created by Team PB-55 and features a demonstration of the prototype.

Screenshots of UI

Initial dashboard view showing no tests have been run yet. Click ‘New Test’ to begin.
To begin a new scan, click the “New Test” button at the top left.
Form to configure a new DAST (Dynamic Application Security Testing) scan with options for name, scan type, and target URL.
Students can configure a new test by entering a name, selecting a scan type and tool, and providing a target URL.
User prompted to confirm the target URL before launching the security scan.
Before starting the scan, students are prompted to confirm the target URL.
Confirmation message indicating that the scan has started successfully with status ‘Initiated’.
Once the scan is submitted, a confirmation message appears with the scan’s initiation status.
Dashboard updated to show an active scan with test name, type, target URL, and current status.
The initiated scan appears in the dashboard with details including test name, scan type, target URL, and current status.

Security Report

This security report summarizes the results of a security scan, with clear explanations to help users understand and address potential vulnerabilities.

Technical Components

Architecture Diagram


User Workflow Diagram

User flow Diagram for the AI Study Assistant.

Technical Infrastructure

1. An unauthenticated user begins at the Main Page, where they are prompted to log in.

2. On the Login Page, the user must enter valid credentials (username and password) to proceed.

3. The authenticated user is directed to the Dashboard Page (Figure 2), which displays all previously launched tests. From this page, the user may:

  • Click “Launch Test” to initiate a new scan (Step 4),
  • Click on the name of a completed test to view its results (Step 8), or
  • Click “Sign Out” to go back to Step 1.

4. Selecting “Launch Test” navigates the user to the New Test Configuration Page, where they can input the test name, choose a DAST tool and scan mode, specify the target URL, and optionally modify advanced configuration settings.

5. A confirmation dialog appears, allowing the user to validate the target URL via a direct link.

6. The Loading Page then briefly appears as the test is initialized.

7. Once the test is successfully initiated, the Results Page confirms that initialization is complete. The user may return to the Dashboard Page to monitor test status (Step 3).

8. When accessing a completed test, the user is directed to the Report + Chatbot Page, which presents the security scan results on the left panel and an interactive AI assistant on the right. The user can review the report and ask questions related to its findings. Once finished, they can return to the Dashboard Page.

Learn more about the solution on GitHub.

Acknowledgements

Capstone Team PB-55 was formed of students Junsu An, Andrew Piemonte, Ranbir Sharma, and Alfredo del Rayo as part of the UBC Electrical and Computer Engineering Capstone Program. Guidance was provided by a faculty member who acted as the technical director, with support from the UBC Cloud Innovation Centre technical team.

Photo by Adi Goldstein.

About the University of British Columbia Cloud Innovation Centre (UBC CIC)

The UBC CIC is a public-private collaboration between UBC and Amazon Web Services (AWS). A CIC identifies digital transformation challenges, the problems or opportunities that matter to the community, and provides subject matter expertise and CIC leadership.

Using Amazon’s innovation methodology, dedicated UBC and AWS CIC staff work with students, staff and faculty, as well as community, government or not-for-profit organizations to define challenges, to engage with subject matter experts, to identify a solution, and to build a Proof of Concept (PoC). Through co-op and work-integrated learning, students also have an opportunity to learn new skills which they will later be able to apply in the workforce.