Test Model for Security Vulnerability in Web Controls based on Fuzzing
نویسندگان
چکیده
The number of Web controls’ security vulnerability surged with ever-changing varieties of attacks. Therefore this paper analyzes test model for Web controls’ vulnerability, and put forward a improved test model for Web controls’ vulnerability. Be aimed to test vulnerability of Web ActiveX controls combining static analysis and dynamic analysis, as well as put forward a proposal of optimizing the generation engine for test data using “heuristic rule”. Experiment results show that test model for Web controls’ vulnerability based on fuzzing is effective and feasible, and it is able to manipulate interaction problems.
منابع مشابه
Proactive Security Testing and Fuzzing
Software is bound to have security critical flaws, and no testing or code auditing can ensure that software is flawless. But software security testing requirements have improved radically during the past years, largely due to criticism from security conscious consumers and Enterprise customers. Whereas in the past, security flaws were taken for granted (and patches were quietly and humbly insta...
متن کاملA Taint Based Smart Fuzzing Approach for Integer Overflow Vulnerability Detection
-Fuzzing is one of the most commonly used methods to detect software vulnerabilities which are one major cause of information security incidents. The basic idea of fuzzing is to discover software vulnerabilities by feeding unexpected input and monitoring abnormal behaviors. Although it has advantages of simple design and low error report, its efficiency is usually poor. In this paper we present...
متن کاملAutomatic Detection of Vulnerabilities in Web Applications using Fuzzing
Automatic detection of vulnerabilities is a problem studied in literature and a very important concern in application development with security requirements. Fuzzing is a software testing technique, automated or semi-automated, that involves injecting a massive quantity of semi-random inputs in software in order to find security vulnerabilities. Many vulnerability detection techniques need manu...
متن کاملA New Fuzzing Technique for Software Vulnerability Mining
Test case mutation and generation (m&g) based on data samples is an effective way to generate test cases for Knowledge-based fuzzing, but present m&g technique is only capable of one-dimensional m&g at a time, based on a data sample, and thus it is impossible to find a vulnerability that can only be detected by multidimensional m&g. This paper proposes a mathematical model FTSG that formally de...
متن کاملA New Fuzzing Method Using Multi Data Samples Combination
* Corresponding Author Abstract-Knowledge-based Fuzzing technologies have been applied successfully in software vulnerability mining, however, its current methods mainly focus on Fuzzing target software using a single data sample with one or multi-dimension input mutation [1], and thus the vulnerability mining results are not stable, false negatives of vulnerability are high and the selection o...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
برای دانلود متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید
ثبت ناماگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید
ورودعنوان ژورنال:
- JSW
دوره 7 شماره
صفحات -
تاریخ انتشار 2012