Using Artificial Intelligence to Create a Web Application Security Knowledge Assessment System
摘要
The increasing complexity of web applications and APIs has intensified the demand for effective security education. Despite the availability of cybersecurity training programs, many professionals and students struggle to apply security principles effectively, leading to preventable vulnerabilities and misconfigurations. This paper presents the development of an AI-driven knowledge assessment system designed to enhance awareness and understanding of web application security. The system is based on OWASP Top 10, a widely recognized framework that identifies the most critical web security risks. By leveraging GPT-based AI models, the system provides an adaptive learning environment, allowing users to evaluate and improve their knowledge through dynamic assessments. The paper outlines the system’s architecture and implementation, detailing the technologies used, including Laravel, OpenAI API, and adaptive quiz generation techniques. Initial testing was conducted with third-year students, and the results indicate high user satisfaction and effective question variability. Additionally, statistical insights from user interactions highlight the most frequently assessed OWASP security topics. Future enhancements will focus on adaptive learning integration, expansion to OWASP API Security Top 10, and broader implementation across universities. This approach demonstrates the potential of AI-driven cybersecurity education tools in mitigating security vulnerabilities through improved training and assessment.