-
-
Juice Shop Vulnerable Web App form OWASP
-
Pentest report
-
Pentest report
-
Recommendations to resolve Web App Security Issues
-
Pentest report
-
Encryption Key Access Security Thread
💡 Inspiration Manual penetration testing is slow and generates overwhelming data without actionable insights. We wanted to combine automated vulnerability detection with AI intelligence to make security testing smarter and more efficient.
🎯 What it does Automatically scans web applications for security vulnerabilities (SQL injection, XSS, directory traversal, etc.) and uses Claude AI via AWS Bedrock to analyze findings and generate professional security reports with remediation recommendations.
🛠 How I built it
Python-based scanner with multi-threaded vulnerability testing AWS Bedrock integration for Claude AI analysis Real-time attack simulation against OWASP Top 10 vulnerabilities Automated report generation with AI-powered insights and executive summaries
🚧 Challenges I ran into
JSON serialization errors with Python timedelta objects when sending data to Claude API rate limiting when processing large vulnerability datasets Progress visualization for real-time demo presentation Balancing thoroughness vs speed in vulnerability detection
🏆 Accomplishments that I proud of
20 vulnerabilities detected in 112 test cases with 16 critical findings Seamless AWS Bedrock integration with fallback to direct Claude API Professional-grade reporting that matches enterprise security standards Live demo-ready interface with progress bars and real-time alerts
📚 What I learned
Advanced penetration testing techniques and payload crafting AWS Bedrock architecture and Claude API integration Security report formatting for different audiences (technical vs executive) Real-time UI design for security demonstration tools
🚀 What's next for A2A Security Pentest platform
Extended vulnerability coverage (CSRF, SSRF, deserialization attacks) Integration with CI/CD pipelines for automated security testing Custom payload generation using AI for target-specific attacks Multi-target scanning and vulnerability correlation across applications Compliance reporting for SOC2, PCI-DSS, and other frameworks
Built With
- amazon-web-services
- bedrock
- claude
- llm
- python
Log in or sign up for Devpost to join the conversation.