kevin-mathew-cyber/websecure-ai

GitHub: kevin-mathew-cyber/websecure-ai

Stars: 0 | Forks: 0

# 🤖 WebSecure AI: AI-Powered Web Vulnerability Scanner & DAST Platform

An end-to-end, lightweight, asynchronous Dynamic Application Security Testing (DAST) platform that pairs native Python network scanners with Large Language Models (LLMs) to provide automated, context-aware remediation intelligence.

## 🌟 Key Performance Achievements (Master's Thesis Metrics)

* **High-Value Accuracy:** Achieved an **88% baseline detection rate** with a false-positive rate **under 12%** across test environments.
* **Rapid Execution:** Complete dynamic scanning execution across target endpoints in **under 18 seconds**.
* **Operational Efficiency:** Reduced human vulnerability triage cycles by **40% to 50%** during active development simulations.

## 🏗️ Core Architecture & Tech Stack

### 🔵 Backend Engineering (Python & FastAPI)

* **Asynchronous Framework:** Built using **FastAPI** & **Uvicorn** for high-concurrency request processing.
* **Pure-Python Scanner Core:** Custom-built detection logic for missing security headers, reflective Cross-Site Scripting (XSS), and SQL Injection vectors via the `requests` engine.
* **Cryptographic Analysis:** Low-level SSL/TLS structural mapping (detecting weak protocols like TLS 1.0/1.1) powered by **SSLyze**.
* **Document Synthesis:** Automated, pixel-perfect executive compliance reports compiled natively via **ReportLab**.

### 🟢 Artificial Intelligence Core (OpenAI SDK)

* Implements the **OpenAI Chat Completions API (`gpt-3.5-turbo`)** to ingest raw system JSON blobs, map findings automatically to the official **OWASP Top 10 Framework**, and generate ready-to-implement developer code patches.

### 🟡 Frontend Interface (React & Tailwind CSS)

* A utility-first single-page application (SPA) offering interactive target entry, real-time validation gates, dynamic loading state machines, and direct in-browser PDF report review utilities.
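
The missing-security-header check listed under Backend Engineering, and the JSON findings the AI core maps to the OWASP Top 10, can be illustrated with the sketch below. It is an added example, not code from this repository: the function name `audit_headers`, the finding fields, the 180-day HSTS floor, and the sample headers are assumptions made for illustration.

```python
import json
import re

OWASP = "A05:2021 Security Misconfiguration"  # category assumed for header findings

def audit_headers(url, headers):
    """Return a list of finding dicts for one response's headers (hypothetical helper)."""
    h = {k.lower(): v.strip() for k, v in headers.items()}  # header names are case-insensitive
    findings = []

    def add(header, issue):
        findings.append({"url": url, "header": header, "issue": issue, "owasp": OWASP})

    # HSTS only has meaning on HTTPS responses; a very short max-age is also flagged.
    if url.lower().startswith("https://"):
        hsts = h.get("strict-transport-security")
        if hsts is None:
            add("Strict-Transport-Security", "missing")
        else:
            m = re.search(r'max-age\s*=\s*"?(\d+)', hsts, re.I)
            if not m or int(m.group(1)) < 15552000:  # assumed floor: 180 days
                add("Strict-Transport-Security", "max-age absent or below 180 days")

    csp = h.get("content-security-policy", "")
    if not csp:
        add("Content-Security-Policy", "missing")

    # Clickjacking defence: X-Frame-Options or CSP frame-ancestors is sufficient.
    xfo = h.get("x-frame-options", "").upper()
    if xfo not in ("DENY", "SAMEORIGIN") and "frame-ancestors" not in csp.lower():
        add("X-Frame-Options", "no DENY/SAMEORIGIN and no CSP frame-ancestors")

    # A present header with the wrong value is as ineffective as a missing one.
    if h.get("x-content-type-options", "").lower() != "nosniff":
        add("X-Content-Type-Options", "missing or not 'nosniff'")

    if "referrer-policy" not in h:
        add("Referrer-Policy", "missing")
    return findings

# Constructed sample responses (not captured from any real site).
WEAK = {"Server": "nginx", "X-Content-Type-Options": "sniff",
        "strict-transport-security": "max-age=300"}
HARDENED = {"Strict-Transport-Security": "max-age=31536000; includeSubDomains",
            "Content-Security-Policy": "default-src 'self'; frame-ancestors 'none'",
            "X-Content-Type-Options": "nosniff", "Referrer-Policy": "no-referrer"}

if __name__ == "__main__":
    print(json.dumps(audit_headers("https://app.example.test/", WEAK), indent=2))
    print(json.dumps(audit_headers("https://app.example.test/", HARDENED), indent=2))
```

Checking header values rather than mere presence is what keeps a header-only finding from becoming a false negative, for example `X-Content-Type-Options: sniff` or an HSTS `max-age` of a few minutes.
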
## 📁 Academic Source Documents Included

The complete research corpus submitted to **De Montfort University** is packaged within this repository for reference:

* 📄 **`Dissertation Websecure AI.pdf`** - Complete written master's thesis dissertation.
* 📋 **`Proposal.docx`** - Initial research objectives and scoping methodology.
* ⏱️ **`Meeting_Overview_.pdf`** - Academic advisor progression logging artifacts.

## 🚀 Quickstart Deployment

1. Navigate to the core application folder:

   ```bash
   cd Kevin_Mathew/Software/ai_vuln_scanner_debug
   ```

2. Add your OpenAI API credentials to a local `.env` configuration file:

   ```bash
   echo "OPENAI_API_KEY=your_key_here" > backend/.env
   ```

3. Launch the containerized infrastructure via Docker Compose:

   ```bash
   docker compose up --build
   ```

4. Open your browser and navigate to `http://localhost:3000` to interact with the system interface.