{"id":"https://openalex.org/W7123350271","doi":"https://doi.org/10.1109/candarw68385.2025.00045","title":"ZAPx: Extending OWASP ZAP for Enhanced Web Vulnerability Detection and AI-Powered Remediation","display_name":"ZAPx: Extending OWASP ZAP for Enhanced Web Vulnerability Detection and AI-Powered Remediation","publication_year":2025,"publication_date":"2025-11-25","ids":{"openalex":"https://openalex.org/W7123350271","doi":"https://doi.org/10.1109/candarw68385.2025.00045"},"language":null,"primary_location":{"id":"doi:10.1109/candarw68385.2025.00045","is_oa":false,"landing_page_url":"https://doi.org/10.1109/candarw68385.2025.00045","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2025 Thirteenth International Symposium on Computing and Networking Workshops (CANDARW)","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5117613390","display_name":"Kittipat Tangtanawirut","orcid":null},"institutions":[{"id":"https://openalex.org/I108108428","display_name":"Thammasat University","ror":"https://ror.org/002yp7f20","country_code":"TH","type":"education","lineage":["https://openalex.org/I108108428"]}],"countries":["TH"],"is_corresponding":true,"raw_author_name":"Kittipat Tangtanawirut","raw_affiliation_strings":["Sirindhorn International Institute of Technology Thammasat University,Pathum Thani,Thailand"],"affiliations":[{"raw_affiliation_string":"Sirindhorn International Institute of Technology Thammasat University,Pathum Thani,Thailand","institution_ids":["https://openalex.org/I108108428"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5117613387","display_name":"Archawit Changtor","orcid":null},"institutions":[{"id":"https://openalex.org/I108108428","display_name":"Thammasat University","ror":"https://ror.org/002yp7f20","country_code":"TH","type":"education","lineage":["https://openalex.org/I108108428"]}],"countries":["TH"],"is_corresponding":false,"raw_author_name":"Archawit Changtor","raw_affiliation_strings":["Sirindhorn International Institute of Technology Thammasat University,Pathum Thani,Thailand"],"affiliations":[{"raw_affiliation_string":"Sirindhorn International Institute of Technology Thammasat University,Pathum Thani,Thailand","institution_ids":["https://openalex.org/I108108428"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5117613389","display_name":"Pakapon Rattanasrisuk","orcid":null},"institutions":[{"id":"https://openalex.org/I108108428","display_name":"Thammasat University","ror":"https://ror.org/002yp7f20","country_code":"TH","type":"education","lineage":["https://openalex.org/I108108428"]}],"countries":["TH"],"is_corresponding":false,"raw_author_name":"Pakapon Rattanasrisuk","raw_affiliation_strings":["Sirindhorn International Institute of Technology Thammasat University,Pathum Thani,Thailand"],"affiliations":[{"raw_affiliation_string":"Sirindhorn International Institute of Technology Thammasat University,Pathum Thani,Thailand","institution_ids":["https://openalex.org/I108108428"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5122860613","display_name":"Somchart Fugkeaw","orcid":null},"institutions":[{"id":"https://openalex.org/I108108428","display_name":"Thammasat University","ror":"https://ror.org/002yp7f20","country_code":"TH","type":"education","lineage":["https://openalex.org/I108108428"]}],"countries":["TH"],"is_corresponding":false,"raw_author_name":"Somchart Fugkeaw","raw_affiliation_strings":["Sirindhorn International Institute of Technology Thammasat University,Pathum Thani,Thailand"],"affiliations":[{"raw_affiliation_string":"Sirindhorn International Institute of Technology Thammasat University,Pathum Thani,Thailand","institution_ids":["https://openalex.org/I108108428"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":4,"corresponding_author_ids":["https://openalex.org/A5117613390"],"corresponding_institution_ids":["https://openalex.org/I108108428"],"apc_list":null,"apc_paid":null,"fwci":0.0,"has_fulltext":false,"cited_by_count":0,"citation_normalized_percentile":{"value":0.82466111,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":null,"biblio":{"volume":null,"issue":null,"first_page":"217","last_page":"223"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T12479","display_name":"Web Application Security Vulnerabilities","score":0.9311000108718872,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T12479","display_name":"Web Application Security Vulnerabilities","score":0.9311000108718872,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.021199999377131462,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.016599999740719795,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/false-positive-paradox","display_name":"False positive paradox","score":0.48339998722076416},{"id":"https://openalex.org/keywords/implementation","display_name":"Implementation","score":0.47130000591278076},{"id":"https://openalex.org/keywords/vulnerability","display_name":"Vulnerability (computing)","score":0.45829999446868896},{"id":"https://openalex.org/keywords/flooding","display_name":"Flooding (psychology)","score":0.45730000734329224},{"id":"https://openalex.org/keywords/secure-coding","display_name":"Secure coding","score":0.4196000099182129},{"id":"https://openalex.org/keywords/data-integrity","display_name":"Data integrity","score":0.4009000062942505},{"id":"https://openalex.org/keywords/threat-model","display_name":"Threat model","score":0.3959999978542328},{"id":"https://openalex.org/keywords/confidentiality","display_name":"Confidentiality","score":0.3953999876976013},{"id":"https://openalex.org/keywords/limiting","display_name":"Limiting","score":0.3871999979019165}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.6995000243186951},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.6384000182151794},{"id":"https://openalex.org/C64869954","wikidata":"https://www.wikidata.org/wiki/Q1859747","display_name":"False positive paradox","level":2,"score":0.48339998722076416},{"id":"https://openalex.org/C26713055","wikidata":"https://www.wikidata.org/wiki/Q245962","display_name":"Implementation","level":2,"score":0.47130000591278076},{"id":"https://openalex.org/C95713431","wikidata":"https://www.wikidata.org/wiki/Q631425","display_name":"Vulnerability (computing)","level":2,"score":0.45829999446868896},{"id":"https://openalex.org/C186594467","wikidata":"https://www.wikidata.org/wiki/Q1429176","display_name":"Flooding (psychology)","level":2,"score":0.45730000734329224},{"id":"https://openalex.org/C22680326","wikidata":"https://www.wikidata.org/wiki/Q7444867","display_name":"Secure coding","level":5,"score":0.4196000099182129},{"id":"https://openalex.org/C33762810","wikidata":"https://www.wikidata.org/wiki/Q461671","display_name":"Data integrity","level":2,"score":0.4009000062942505},{"id":"https://openalex.org/C140547941","wikidata":"https://www.wikidata.org/wiki/Q7797194","display_name":"Threat model","level":2,"score":0.3959999978542328},{"id":"https://openalex.org/C71745522","wikidata":"https://www.wikidata.org/wiki/Q2476929","display_name":"Confidentiality","level":2,"score":0.3953999876976013},{"id":"https://openalex.org/C188198153","wikidata":"https://www.wikidata.org/wiki/Q1613840","display_name":"Limiting","level":2,"score":0.3871999979019165},{"id":"https://openalex.org/C118643609","wikidata":"https://www.wikidata.org/wiki/Q189210","display_name":"Web application","level":2,"score":0.38449999690055847},{"id":"https://openalex.org/C12725497","wikidata":"https://www.wikidata.org/wiki/Q810247","display_name":"Baseline (sea)","level":2,"score":0.3840999901294708},{"id":"https://openalex.org/C167063184","wikidata":"https://www.wikidata.org/wiki/Q1400839","display_name":"Vulnerability assessment","level":3,"score":0.3617999851703644},{"id":"https://openalex.org/C112789634","wikidata":"https://www.wikidata.org/wiki/Q18207010","display_name":"False positives and false negatives","level":3,"score":0.33660000562667847},{"id":"https://openalex.org/C59241245","wikidata":"https://www.wikidata.org/wiki/Q4781497","display_name":"Web application security","level":4,"score":0.3328000009059906},{"id":"https://openalex.org/C40842320","wikidata":"https://www.wikidata.org/wiki/Q19423","display_name":"Buffer overflow","level":2,"score":0.33239999413490295},{"id":"https://openalex.org/C93996380","wikidata":"https://www.wikidata.org/wiki/Q44127","display_name":"Server","level":2,"score":0.3212999999523163},{"id":"https://openalex.org/C110875604","wikidata":"https://www.wikidata.org/wiki/Q75","display_name":"The Internet","level":2,"score":0.3172000050544739},{"id":"https://openalex.org/C2778012447","wikidata":"https://www.wikidata.org/wiki/Q1034415","display_name":"Scope (computer science)","level":2,"score":0.31529998779296875},{"id":"https://openalex.org/C38822068","wikidata":"https://www.wikidata.org/wiki/Q131406","display_name":"Denial-of-service attack","level":3,"score":0.2962000072002411},{"id":"https://openalex.org/C2776760102","wikidata":"https://www.wikidata.org/wiki/Q5139990","display_name":"Code (set theory)","level":3,"score":0.2775000035762787},{"id":"https://openalex.org/C35578498","wikidata":"https://www.wikidata.org/wiki/Q193424","display_name":"Web service","level":2,"score":0.27639999985694885},{"id":"https://openalex.org/C35525427","wikidata":"https://www.wikidata.org/wiki/Q745881","display_name":"Intrusion detection system","level":2,"score":0.26339998841285706},{"id":"https://openalex.org/C137822555","wikidata":"https://www.wikidata.org/wiki/Q2587068","display_name":"Information sensitivity","level":2,"score":0.25279998779296875},{"id":"https://openalex.org/C62230096","wikidata":"https://www.wikidata.org/wiki/Q275969","display_name":"Crowdsourcing","level":2,"score":0.25029999017715454}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/candarw68385.2025.00045","is_oa":false,"landing_page_url":"https://doi.org/10.1109/candarw68385.2025.00045","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2025 Thirteenth International Symposium on Computing and Networking Workshops (CANDARW)","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[{"display_name":"Peace, Justice and strong institutions","id":"https://metadata.un.org/sdg/16","score":0.7169548869132996}],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":0,"referenced_works":[],"related_works":[],"abstract_inverted_index":{"Web":[0],"applications":[1],"are":[2],"increasingly":[3],"targeted":[4],"by":[5,108],"automated":[6,109],"attacks":[7],"and":[8,18,28,51,75,94,124],"client-side":[9,41,122],"code":[10],"vulnerabilities,":[11],"posing":[12],"significant":[13],"risks":[14],"to":[15,71,104,116,154],"data":[16,119],"confidentiality":[17],"system":[19],"integrity.":[20],"Automated":[21],"threats-such":[22],"as":[23,48],"web":[24,146],"scraping,":[25],"brute":[26],"force,":[27],"flooding":[29],"requests-exploit":[30],"weak":[31],"defenses":[32],"like":[33],"missing":[34],"rate":[35,144],"limiting":[36],"or":[37],"CAPTCHA,":[38],"while":[39,149],"insecure":[40],"implementations":[42],"often":[43],"expose":[44],"sensitive":[45,118],"information":[46],"such":[47],"API":[49],"keys":[50],"access":[52],"tokens.":[53],"Existing":[54],"tools,":[55],"including":[56],"the":[57,155],"OWASP":[58],"Zed":[59],"Attack":[60],"Proxy":[61],"(ZAP),":[62],"provide":[63],"strong":[64],"baseline":[65,156],"detection":[66,93,143],"but":[67],"lack":[68],"comprehensive":[69],"capabilities":[70],"address":[72],"these":[73],"challenges":[74],"support":[76],"actionable":[77],"remediation.":[78,96],"To":[79],"fill":[80],"this":[81],"gap,":[82],"we":[83],"develop":[84],"ZAPx,":[85],"an":[86,100],"extension":[87],"of":[88,145],"ZAP":[89,157],"that":[90,130,138],"integrates":[91],"enhanced":[92],"AI-driven":[95],"ZAPx":[97,139],"introduces:":[98],"(i)":[99],"active":[101],"scan":[102,114],"module":[103,115],"detect":[105],"vulnerabilities":[106,148],"exploitable":[107],"attacks,":[110],"(ii)":[111],"a":[112,126,141],"passive":[113],"identify":[117],"exposure":[120],"in":[121],"code,":[123],"(iii)":[125],"generative":[127],"AI":[128],"engine":[129],"produces":[131],"context-specific":[132],"remediation":[133],"plans.":[134],"Experimental":[135],"results":[136],"demonstrate":[137],"achieves":[140],"higher":[142],"application":[147],"reducing":[150],"false":[151],"positives":[152],"compared":[153],"tool.":[158]},"counts_by_year":[],"updated_date":"2026-01-14T00:46:21.520733","created_date":"2026-01-14T00:00:00"}