Test Model for Security Vulnerability in Web Controls based on Fuzzing

نویسندگان

  • Guoxiang Yao
  • Quanlong Guan
  • Kaibin Ni
چکیده

The number of Web controls’ security vulnerability surged with ever-changing varieties of attacks. Therefore this paper analyzes test model for Web controls’ vulnerability, and put forward a improved test model for Web controls’ vulnerability. Be aimed to test vulnerability of Web ActiveX controls combining static analysis and dynamic analysis, as well as put forward a proposal of optimizing the generation engine for test data using “heuristic rule”. Experiment results show that test model for Web controls’ vulnerability based on fuzzing is effective and feasible, and it is able to manipulate interaction problems.

برای دانلود متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید

ثبت نام

اگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید

منابع مشابه

Proactive Security Testing and Fuzzing

Software is bound to have security critical flaws, and no testing or code auditing can ensure that software is flawless. But software security testing requirements have improved radically during the past years, largely due to criticism from security conscious consumers and Enterprise customers. Whereas in the past, security flaws were taken for granted (and patches were quietly and humbly insta...

متن کامل

A Taint Based Smart Fuzzing Approach for Integer Overflow Vulnerability Detection

-Fuzzing is one of the most commonly used methods to detect software vulnerabilities which are one major cause of information security incidents. The basic idea of fuzzing is to discover software vulnerabilities by feeding unexpected input and monitoring abnormal behaviors. Although it has advantages of simple design and low error report, its efficiency is usually poor. In this paper we present...

متن کامل

Automatic Detection of Vulnerabilities in Web Applications using Fuzzing

Automatic detection of vulnerabilities is a problem studied in literature and a very important concern in application development with security requirements. Fuzzing is a software testing technique, automated or semi-automated, that involves injecting a massive quantity of semi-random inputs in software in order to find security vulnerabilities. Many vulnerability detection techniques need manu...

متن کامل

A New Fuzzing Technique for Software Vulnerability Mining

Test case mutation and generation (m&g) based on data samples is an effective way to generate test cases for Knowledge-based fuzzing, but present m&g technique is only capable of one-dimensional m&g at a time, based on a data sample, and thus it is impossible to find a vulnerability that can only be detected by multidimensional m&g. This paper proposes a mathematical model FTSG that formally de...

متن کامل

A New Fuzzing Method Using Multi Data Samples Combination

* Corresponding Author Abstract-Knowledge-based Fuzzing technologies have been applied successfully in software vulnerability mining, however, its current methods mainly focus on Fuzzing target software using a single data sample with one or multi-dimension input mutation [1], and thus the vulnerability mining results are not stable, false negatives of vulnerability are high and the selection o...

متن کامل

ذخیره در منابع من


  با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید

برای دانلود متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید

ثبت نام

اگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید

عنوان ژورنال:
  • JSW

دوره 7  شماره 

صفحات  -

تاریخ انتشار 2012