Titulo Estágio
Leveraging Large Language Models for Trustworthiness Assessment of Web Applications
Local do Estágio
CISUC-SSE
Enquadramento
Large Language Models (LLMs) have demonstrated remarkable capabilities in natural language processing tasks, including code understanding and generation. Leveraging these advancements, this master thesis proposal aims to develop a framework for assessing the trustworthiness of web applications by detecting the implementation of OWASP secure coding practices using LLMs. The trustworthiness of web applications is crucial, as they are often deployed in security-critical domains and can be vulnerable to various attacks if not developed securely. The proposed approach will build upon the existing work on trustworthiness assessment, but will utilize the power of LLMs to automate the detection of secure coding practices, providing a more scalable and efficient solution.
Reference data sources to be used/considered:
- https://vulnerabilitydataset.dei.uc.pt
- https://github.com/JoaoRafaelHenriques/CVEDetailsScrapeDataset
- NVD - https://nvd.nist.gov/vuln
- CVE Details - https://www.cvedetails.com/
- Lemes, Cristiano Inácio, Vincent Naessens, and Marco Vieira. "Trustworthiness assessment of web applications: Approach and experimental study using input validation coding practices." 2019 IEEE 30th International Symposium on Software Reliability Engineering (ISSRE). IEEE, 2019.
Objetivo
The learning objectives of this master internship are:
1) Security, vulnerabilities: study the subject of software security and vulnerabilities;
2) Secure Software Development: understand concepts related to secure software development especially focused on OWASP best practices, thus improving coding skills to create more dependable solutions;
3) Machine Learning and Large-Language Models: study AI/ML concepts, focusing on LLMs, and how such techniques can be used to support the development of more secure systems;
4) Research Design: understand how to design and execute an experimental process to address complex and open research issues
Plano de Trabalhos - Semestre 1
[09/09/2024 a 20/10/2024] Literature review
Study the concepts to be used in the internship, namely security, OWASP, ML LLMs
[21/10/2024 a 05/11/2024] Analysis and selection of target techniques
Identification, analysis, and selection of which target datasets, security practices, machine learning techniques and LLMs will be studied
[06/11/2024 a 03/12/2024] Definition of the experimental process
Design and plan the experimental process that will be used to conduct the study
[04/12/2024 a 15/01/2025] Write the dissertation plan
Plano de Trabalhos - Semestre 2
[06/02/2025 a 6/03/2025] Set up the experimental testbed
Set up the testbed required to conduct the experiments
[7/03/2025 a 17/04/2025] Conduct the experimental campaign
Use the testbed to conduct the experimental process
[18/04/2025 a 08/05/2025] Analyze, explore, and process the results
Process, explore and analyze the results obtained from the experimental process on the use of LLMs to create a characterization of the trustworthiness of code units based on a set of security practices. Compare with existing results from the literature
[09/05/2025 a 05/06/2025] Write a scientific paper
[06/06/2025 a 08/07/2025] Write the thesis
Condições
Depending on the evolution of the internship a studentship may be available to support the development of the work in the second semester. The work is to be executed at the laboratories of the CISUC’s Software and Systems Engineering Group.
Orientador
João R. Campos
jrcampos@dei.uc.pt 📩